On 06/11/11 12:46, [email protected] wrote:

> The content-type should be application/json or at the very least text/plain.

I was clearly talking rubbish here; the content type should be a
javascript one. Still, I was completely correct about the danger of
using text/html and allowing arbitrary content for the callback parameter.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F


_______________________________________________
tor-talk mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
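
The point made in the message above (serve the response with a JavaScript content type and do not accept arbitrary content in the callback parameter), as an added example that is not part of the original post or of any project discussed on the list. The helper names, the 64-character limit and the dotted-identifier rule are assumptions chosen for illustration.

```python
import json
import re

# Assumption: a callback is a dotted JavaScript identifier, e.g. "cb" or "app.onData".
_CALLBACK_RE = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*")
_MAX_CALLBACK_LEN = 64  # assumed limit, not taken from the thread


def is_safe_callback(name):
    """True only for a short dotted identifier; rejects markup, parens, whitespace."""
    return (
        isinstance(name, str)
        and len(name) <= _MAX_CALLBACK_LEN
        # fullmatch, not match with "$": "$" would also accept a trailing newline.
        and _CALLBACK_RE.fullmatch(name) is not None
    )


def jsonp_response(callback, payload):
    """Return (status, headers, body) for a JSONP request.

    Hypothetical, framework-agnostic helper: the caller writes the tuple out.
    """
    if not is_safe_callback(callback):
        # Do not echo the rejected value; that would reflect it a second time.
        return (400, {"Content-Type": "text/plain; charset=utf-8"}, "invalid callback\n")
    # ensure_ascii=True escapes U+2028/U+2029, which are legal in JSON strings
    # but were line terminators in JavaScript string literals before ES2019.
    data = json.dumps(payload, ensure_ascii=True)
    headers = {
        # A JavaScript type, not text/html, so the body is never parsed as markup.
        "Content-Type": "application/javascript; charset=utf-8",
        # Tells the browser not to sniff the body into a different type.
        "X-Content-Type-Options": "nosniff",
    }
    return (200, headers, f"{callback}({data});")


if __name__ == "__main__":
    # Constructed sample requests: one well-formed callback, one carrying markup.
    for cb in ("showResult", "<b>x</b>"):
        print(jsonp_response(cb, {"ip": "192.0.2.1"}))
```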
