On Thu, Jun 4, 2009 at 1:57 AM, <[email protected]> wrote: > Sure, make the link point to an HTTPS site with a valid certificate, or use > XSS to insert your desired content into an existing (vulnerable) HTTPS site > of your choice.
I understand that - but assuming that's not an option - HTTP only on the injected code - is there another way to do this? Not necessarily through a plain iframe - are there any javascript, encoding tricks, etc that would cause the browser not to recognize the mixed content? - Chris _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
