On Tue, 3 Jul 2001, Eric Murphy wrote:
>
> The purpose of this example is to display a user roster in web content,
But this is a security (well, privacy really) hole. If any web page can do
this, then you end up with the possibility of a hostile page getting
access to the user roster (through the DOM).
Isn't the technical solution to this to require the page to be signed? I
don't know anything about that really. :-)
--
Ian Hickson )\ _. - ._.) fL
Netscape, Standards Compliance QA /. `- ' ( `--'
+1 650 937 6593 `- , ) - > ) \
irc.mozilla.org:Hixie _________________________ (.' \) (.' -' __________
