Am 02.08.2011, 13:00 Uhr, schrieb Anne van Kesteren <[email protected]>:
On Tue, 02 Aug 2011 12:48:06 +0200, Dennis Joachimsthaler
<[email protected]> wrote:
Say, there's a site which uses an autologin facility to automatically
log their users in when the site is opened.
Malicious guy #1 prepares a site that loads the same site in an iframe.
You cannot get to that information cross-origin.
It is not possible anyway? That kind of renders my worries baseless.
But this use case still holds: Userscripts and addons could still read
out everything from the sites.
It might be way too much a niche case though.
