Revision: 3748
Author: ihab.awad
Date: Fri Sep 25 13:37:31 2009
Log: Edited wiki page through web user interface.
http://code.google.com/p/google-caja/source/detail?r=3748
Modified:
/wiki/AttackVectors.wiki
=======================================
--- /wiki/AttackVectors.wiki Wed Sep 2 10:23:56 2009
+++ /wiki/AttackVectors.wiki Fri Sep 25 13:37:31 2009
@@ -52,3 +52,4 @@
* UrlFetchingSideChannel -- Side-channels from unproxied connections
leak information across closed networks
* HistoryMining -- CSS can be used to determine whether a user has
visited a URL.
* RedirectWithoutUserAction -- JS and HTML both allow redirection with
user interaction.
+ * PhishingViaCrossSiteHttpAuth -- An attacker can display an HTTP
authorization dialog that looks like it may have come from another site.
