On Thursday, July 3, 2014 at 09:03:32 UTC+2, Bert JW Regeer wrote:

> On Jul 3, 2014, at 00:57, Torsten Irländer <tor...@irlaender.de> wrote:
>
> Hmm... I was thinking of a simple HTML mail with some JS code which gets executed in Alice's browser when opening the mail. Is this problematic to start because the webmailer hopefully escapes and strips such malicious code?
>
> Even with JS code in an HTML mail within a browser, cross domain policies are still enforced.
>
> Is it? The request is triggered in Alice's browser window when opening the email. Maybe I need to read more about the cross domain policy?
>
> I would recommend reading up on cross domain policies; it is going to be a lot more helpful than you trying to guess what is going to happen when someone receives an email. There are very specific requirements that have to be met for a cross domain GET request to fetch data and allow the page it is being loaded into to use said data.
>
> Ok, that seems to be clear.
>
> Cool.
>
> Torsten
>
> Bert

Thanks Bert for your clarification. I will stick my head into the cross domain policy documentation for a while.

Torsten