Mitchell Stoltz wrote: > > That would be bad. How could an attacker modify html.css any more than > any local file? I'm referring to modifying the in-memory instance of html.css associated with a given document - in general, a document can modify its own stylesheets through the CSSOM. My question to Hixie was whether this included being able to get access to the copy of html.css which is "implicitly" associated with all html documents - not whether they could actually change the file on disk. Stuart.
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? David Hyatt
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Ian Hickson
- Re: Is the security model XBL uses wrong? Ian Hickson
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Ian Hickson
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Mitchell Stoltz
- Re: Is the security model XBL uses wrong? Ian Hickson
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Ian Hickson
- Re: Is the security model XBL uses wrong? Axel Hecht
- Re: Is the security model XBL uses wrong? Stuart Ballard
- Re: Is the security model XBL uses wrong? Eric Murphy
- Re: Is the security model XBL uses wrong? Ian Hickson
