On Sun, 9 May 2010, Perry Smith wrote:
>
> In HTML5 6.3.1 Relaxing The Same Origin Restriction [1] bullet 3, sub
> bullet 3 there is a clause that says that if the domain is reduced down
> to something that is on the Public Suffix List, the new value is
> rejected. That phrase caused me to paus
On Mon, May 10, 2010 at 2:31 AM, Perry Smith wrote:
> If we have a site like official_site.area_subdomain.big.com which relaxes the
> restriction to area_subdomain.big.com, it is now exposed to the potential of
> an attack from any of the systems within the same area_subdomain including
> laptops
In HTML5 6.3.1 Relaxing The Same Origin Restriction [1] bullet 3, sub bullet 3
there is a clause that says that if the domain is reduced down to something
that is on the Public Suffix List, the new value is rejected. That phrase
caused me to pause.
I was wondering about internal attacks. Firs