Re: XSS out of scope

Does this also include phishing that is only made possible via XSS, such
as a "trusted" site that has been injected with a fake login form via
XSS?  Is that also out of scope?  Just want to make sure I'm clear where
we're drawing the boundary...


Close, Tyler J. wrote:
> I've added a new Out of scope section to our Note to cover XSS attacks.
> See:
> 
> http://www.w3.org/2006/WSC/drafts/note/#XSS
> 
> This edit addresses ACTION-160
> 
> Tyler
> 

Received on Thursday, 5 April 2007 14:44:58 UTC