ISSUE-110
POST triggered via JavaScript
- State:
- CLOSED
- Product:
- wsc-xit
- Raised by:
- Thomas Roessler
- Opened on:
- 2007-10-02
- Description:
- JavaScript can trigger unsafe HTTP methods (POST, ...). This practice has legitimate usage (e.g., SAML).
Should there be any recommendations on that? - Related Actions Items:
ACTION-339 on Yngve Pettersen to Propose authoring best practice for ISSUE-110 - due 2007-11-13, closed- Related emails:
- Re: Agenda: WSC WG distributed meeting, Wednesday, 2008-04-30 (from tlr@w3.org on 2008-04-29)
- Re: Agenda: WSC WG distributed meeting, Wednesday, 2008-04-30 (from egelman@cs.cmu.edu on 2008-04-29)
- Re: Agenda: WSC WG distributed meeting, Wednesday, 2008-04-30 (from maritzaj@cs.columbia.edu on 2008-04-29)
- Agenda: WSC WG distributed meeting, Wednesday, 2008-04-30 (from Mary_Ellen_Zurko@notesdev.ibm.com on 2008-04-29)
- RE: Agenda: WSC WG distributed meeting, Wednesday, 2008-04-02 (from dan.schutzer@fstc.org on 2008-04-01)
- Agenda: WSC WG distributed meeting, Wednesday, 2008-04-02 (from Mary_Ellen_Zurko@notesdev.ibm.com on 2008-04-01)
- ISSUE-110 POST triggered via JavaScript (from Mary_Ellen_Zurko@notesdev.ibm.com on 2008-03-28)
- Fwd: Agenda: WSC WG distributed meeting, Wednesday, 2007-11-28 (from johnath@mozilla.com on 2007-11-27)
- Agenda: WSC WG distributed meeting, Wednesday, 2007-11-28 (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-11-27)
- Meeting record: WSC WG f2f 2007-11-06 (from tlr@w3.org on 2007-11-21)
- ACTION-339 Proposal for authoring best practice for ISSUE-110 (from yngve@opera.com on 2007-11-21)
- Draft minutes: WSC WG 2007-11-06 (from tlr@w3.org on 2007-11-17)
- WSC Open Action Items (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-11-16)
- WSC Open Action Items (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-11-09)
- Meeting record: WSC WG f2f 2007-10-02 (from tlr@w3.org on 2007-10-25)
- Re: Draft Minutes: WSC WG face-to-face 2007-10-02 (from Mary_Ellen_Zurko@notesdev.ibm.com on 2007-10-10)
- Draft Minutes: WSC WG face-to-face 2007-10-02 (from tlr@w3.org on 2007-10-10)
- Re: ISSUE-110: POST triggered via JavaScript [Techniques] (from yngve@opera.com on 2007-10-02)
- ISSUE-110: POST triggered via JavaScript [Techniques] (from sysbot+tracker@w3.org on 2007-10-02)
Related notes:
Related issue: XHR used to "leak" data that is entered by the user before user actually hits "submit" on a form. Note this is same-origin, whereas form submission can be cross-domain.
Added to Section 9: Authoring Best Practices as open issue.
Anil Saldhana, 21 Jan 2008, 21:10:25Display change log