>>There's nothing magically sacrosanct in HTTP or HTML to prevent this sort of thing.
You're right, but as a developer, I have to modify my code every day, because every day a new version comes out in which something has been cancelled or disabled, like accessing the clipboard from JavaScript, or some such function, because "it was too dangerous", and here I discover that anyone can have a script run in my page just as if I had written it myself :-( I can understand that a plugin can run a script when a page is loaded, but it is absolutely stupid that this script can be part of the page and have all the privileges granted to the user after a legitimate authentication. The script could run by itself, but have no access to the DOM and not be able to read or define cookies from the original domain.

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359233