weitsai / domsnitch

Automatically exported from code.google.com/p/domsnitch
Apache License 2.0

DOM Based xss via Cookie isn't exploitable #23

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
There should be a filter that restricts the input method. For instance, I am
getting a lot of reports of DOM-based XSS via cookie value, and I don't care
because this isn't exploitable. Some people might care, so there should be a
configuration option. I have noticed that referer is also very common, and it
might be nice to filter for that as well.

Original issue reported on code.google.com by firealwa...@gmail.com on 3 Sep 2011 at 1:27

GoogleCodeExporter commented 9 years ago

Original comment by r...@google.com on 20 Sep 2011 at 8:50