hardening OW against stealth submits
Zachery Bir
zbir at urbanape.com
Tue Mar 7 03:58:22 PST 2006
On Mar 7, 2006, at 12:23 AM, Clytie Siddall wrote:
> On 06/03/2006, at 5:57 PM, Eugene wrote:
>
>> <http://virtualkarma.blogspot.com/2006/03/stealth-submit-using-
>> ajax.html>
>>
>> Thoughts on non-benevolent Javascript secretly sending out
>> user data without the user hitting the submit button?
>
> Nasty. :(
Useful, too.
> Any way OW can protect us from this, or we protect ourselves?
You can turn off Javascript. This kind of thing is vital for doing
any kind of web app with an "autosave" style feature. Removing it at
the browser level would cripple such applications.
Zac
More information about the OmniWeb-l
mailing list