On 9/4/07, Domas Mituzas midom.lists@gmail.com wrote:
Hi!
This would avoid the cross-domain scripting prohibitions, and allow toolserver developers to incorporate AJAX functionality into their scripts.
And allow each and everyone on toolserver to do XSS attacks, thus by having trust problems.
XSS attacks are already possible by those who can edit the JS files by using the document.write('<script src=" trick.
Not mentioning the problem of rewrites and request pingpongs over atlantic ocean..
Again, this already happens.
Best regards,
Domas Mituzas -- http://dammit.lt/ -- [[user:midom]]
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org http://lists.wikimedia.org/mailman/listinfo/wikitech-l