On Sep 4, 2014 5:04 PM, "Dave Watts" wrote: > This is exactly how user scripts work. They are installed by the user > in some fashion, and can control browser functionality. This is how > online password managers work, how Greasemonkey works, etc, etc, etc. > If a user installs malware, of course that malware can do this sort of > thing. There's nothing magically sacrosanct in HTTP or HTML to prevent > this sort of thing.
A Content Security Policy that blocks inline scripts will block some local malware too. It may for instance block bookmarklets, but not Greasemonkey. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:359240 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
