3
edits
Changes
→Security worries, added stuff about propagation of XSS vulnerable material
** Messes up soap: Should be researched/tested
** XSS/CSRF: If website A.com is vulnerable to an XSS exploit, then all the data of all other domains having accepted *.A.com is suddenly vulnerable
** Propagation of XSS: Suppose we have 3 domains, A.com, B.com and C.com. B.com retrieves data of A.com and renders this data in a <pre> environement. Domain C retrieves the content of the <pre> block of B.com. The user cannot control any values of C.com, thus C.com claims to be safe against XSS exploits
Now suppose we can control the data of A.com ; B.com will not have an XSS exploit since it is in a<pre> tag. Unfortunately C.com has an XSS exploit and will render the code of A.com. This code now runs in the context of C.com and is able to request other data of B.com;
Conclusion is that the statement in the previous bullet might have more implications than one thought.
* Implementation attacks
** premature loading of data (fixed by the inner nsIStreamListener)
** side channel attacks (e.g. timing, computational load, measuring network speed/usage)
