Þann fös 15.júl 2011 18:39, skrifaði Jonas Sicking:
2011/7/14 Ian Fette (イアンフェッティ)<ife...@google.com>: One concern which was brought up was the ability to cause the user to download a file from a third party site. I.e. this would allow evil.com to trick the user into downloading an email from the users webmail, or download a page from their bank which contains all their banking information. It might be easier to then trick the user into re-uploading the saved file to evil.com since from a user's perspective, it looked like the file came from evil.com
Would it not be possible to send an unauthenticated request for the file, if it's of different origin?
