On Wed, Dec 3, 2008 at 12:58 PM, Mark Nottingham <[EMAIL PROTECTED]> wrote:
> On 03/12/2008, at 11:32 PM, Ben Laurie wrote:
>> There are standards for XSS???
>
> There's a de facto standard in the browsers (same origin), and these folks
> are working towards something more formal, maybe;
> http://www.w3.org/2006/WSC/

Same origin policy isn't really all that much to do with cross-site
scripting, surely?

With regard to same origin policy, is there any consideration for file:///
based stuff, since there is currently an open issue in the Mozilla bug
database:
https://bugzilla.mozilla.org/show_bug.cgi?id=397894

If there is a W3C recommendation on how to deal with this it would be
useful.

Andre