[WikiEN-l] Re: Previews

Guettarda guettarda at gmail.com
Sun Oct 30 05:30:30 UTC 2005


> This bug is associated with a feature which prevents submission of forms
> by offsite javascript. For example, if a hacker wanted a page deleted, they
> could write some javascript, put it up on their website, then post a link
> to it on the user talk page of an administrator. The bug involved makes some
> unknown random event during an ordinary form submission appear essentially
> identical to this abuse scenario.
>
> -- Tim Starling


So this is what is going on when you get the message "rollback action
cancelled to prevent session hijacking"? Always wondered what was going on -
if it meant my account might have been compromised (I changed my password
after getting that message, just to be safe; always thought I should enquire
about what that meant).

Ian


