
Commit

[] (0) Mention that iframe can be used for probing local network HTTP servers. (This could also be done with other elements, like object, I guess, but I haven't mentioned that here.)

Affected topics: HTML

git-svn-id: http://svn.whatwg.org/webapps@7797 340c8d12-0b0e-0410-8428-c7bf67bfef74
Hixie committed Apr 9, 2013
1 parent 86061d2 commit 0bdca1e
Showing 3 changed files with 17 additions and 2 deletions.
7 changes: 6 additions & 1 deletion complete.html
Expand Up @@ -24530,7 +24530,12 @@ <h4 id=the-iframe-element><span class=secno>4.8.2 </span>The <dfn><code>iframe</
<li><p>Unset <var title="">child document</var>'s <a href=#iframe-load-in-progress>iframe load in progress</a>
flag.</li>

</ol><p>When the <code><a href=#the-iframe-element>iframe</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a> is
</ol><p class=warning>This, in conjunction with scriptingy, can be used to probe the URL space of the
local network's HTTP servers. User agents may implement <a href=#origin title=origin>cross-origin</a>
access control policies that are stricter than those described above to mitigate this attack, but
unfortunately such policies are typically not compatible with existing Web content.</p>

<p>When the <code><a href=#the-iframe-element>iframe</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a> is
not <a href=#ready-for-post-load-tasks>ready for post-load tasks</a>, and when anything in the <code><a href=#the-iframe-element>iframe</a></code> is <a href=#delay-the-load-event title="delay the load event">delaying the load event</a> of the <code><a href=#the-iframe-element>iframe</a></code>'s
<a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a>, and when the <code><a href=#the-iframe-element>iframe</a></code>'s
<a href=#browsing-context>browsing context</a> is in the <a href=#delaying-load-events-mode>delaying <code title=event-load>load</code> events
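Review bot: The added warning paragraph opens with "This, in conjunction with…", and because it directly follows the closing </ol> of the step list, the reader cannot tell which behaviour "This" refers to. Name the mechanism explicitly at the start of the sentence so the warning still makes sense when it is read or linked to on its own.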
7 changes: 6 additions & 1 deletion index
Expand Up @@ -24530,7 +24530,12 @@ href="?audio"&gt;audio&lt;/a&gt; test instead.)&lt;/p&gt;</pre>
<li><p>Unset <var title="">child document</var>'s <a href=#iframe-load-in-progress>iframe load in progress</a>
flag.</li>

</ol><p>When the <code><a href=#the-iframe-element>iframe</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a> is
</ol><p class=warning>This, in conjunction with scriptingy, can be used to probe the URL space of the
local network's HTTP servers. User agents may implement <a href=#origin title=origin>cross-origin</a>
access control policies that are stricter than those described above to mitigate this attack, but
unfortunately such policies are typically not compatible with existing Web content.</p>

<p>When the <code><a href=#the-iframe-element>iframe</a></code>'s <a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a> is
not <a href=#ready-for-post-load-tasks>ready for post-load tasks</a>, and when anything in the <code><a href=#the-iframe-element>iframe</a></code> is <a href=#delay-the-load-event title="delay the load event">delaying the load event</a> of the <code><a href=#the-iframe-element>iframe</a></code>'s
<a href=#browsing-context>browsing context</a>'s <a href=#active-document>active document</a>, and when the <code><a href=#the-iframe-element>iframe</a></code>'s
<a href=#browsing-context>browsing context</a> is in the <a href=#delaying-load-events-mode>delaying <code title=event-load>load</code> events
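Review bot: The warning added in this hunk sits in the iframe processing text and does not say that other elements are affected, while the commit message states that the same probing could be done with other elements such as object. Consider adding a short clause saying the issue is not specific to iframe, so that a user agent adopting the stricter cross-origin access control policies the paragraph permits does not scope the mitigation to iframe alone.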
5 changes: 5 additions & 0 deletions source
Expand Up @@ -25775,6 +25775,11 @@ href="?audio">audio&lt;/a> test instead.)&lt;/p></pre>

</ol>

<p class="warning">This, in conjunction with scriptingy, can be used to probe the URL space of the
local network's HTTP servers. User agents may implement <span title="origin">cross-origin</span>
access control policies that are stricter than those described above to mitigate this attack, but
unfortunately such policies are typically not compatible with existing Web content.</p>

<p>When the <code>iframe</code>'s <span>browsing context</span>'s <span>active document</span> is
not <span>ready for post-load tasks</span>, and when anything in the <code>iframe</code> is <span
title="delay the load event">delaying the load event</span> of the <code>iframe</code>'s
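Review bot: "scriptingy" on the first line of the added <p class="warning"> is a typo for "scripting". The same misspelling appears in the complete.html and index hunks of this commit, so all three copies should be corrected together.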