Changes


Cross Site XMLHttpRequest

4 bytes added, 21:22, 6 June 2007
m
formatting changes
** Messes up SOAP: should be researched/tested
** XSS/CSRF: If website A.com is vulnerable to an XSS exploit, then all the data of all other domains having accepted *.A.com is suddenly vulnerable
** Propagation of XSS: Suppose we have 3 domains, A.com, B.com and C.com. B.com retrieves data of A.com and renders this data in a "<pre>" environment. Domain C retrieves the content of the "<pre>" block of B.com. The user cannot control any values of C.com, thus C.com claims to be safe against XSS exploits.
Now suppose we can control the data of A.com; B.com will not have an XSS exploit since the data is in a "<pre>" tag. Unfortunately, C.com has an XSS exploit and will render the code of A.com. This code now runs in the context of C.com and is able to request other data of B.com.
The conclusion is that the statement in the previous bullet might have more implications than one would think.
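
The propagation chain described above, as an added example that is not part of the original wiki page. It assumes B.com HTML-encodes A.com's data inside its "<pre>" block and that C.com reads the block's decoded text; all function names and the sample string are hypothetical.

```javascript
// Added illustration: hosts A/B/C follow the page, function names are hypothetical.

// Encoding for HTML element content.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// Single-pass reverse of escapeHtml: what a DOM textContent read
// or an XML parser hands back to the caller.
function decodeEntities(s) {
  return s.replace(/&(amp|lt|gt|quot|#39);/g, (_, name) => ({
    amp: "&", lt: "<", gt: ">", quot: '"', "#39": "'",
  }[name]));
}

// B.com: renders data fetched from A.com inside <pre> (assumption: encoded).
function renderB(dataFromA) {
  return "<html><body><pre>" + escapeHtml(dataFromA) + "</pre></body></html>";
}

// C.com: pulls the text of B.com's <pre> block out of the fetched page.
function extractPreText(pageFromB) {
  const m = /<pre>([\s\S]*?)<\/pre>/.exec(pageFromB);
  return m ? decodeEntities(m[1]) : "";
}

// C.com, vulnerable: treats B.com's data as trusted markup.
function renderCUnsafe(text) { return "<div>" + text + "</div>"; }

// C.com, hardened: re-encodes for its own output context.
function renderCSafe(text) { return "<div>" + escapeHtml(text) + "</div>"; }

// Crude check used only to compare the three outputs.
function containsLiveScript(html) { return /<script\b/i.test(html); }

const fromA = "<script>demo()</script>"; // constructed sample value
const pageB = renderB(fromA);
const preText = extractPreText(pageB);
console.log("B.com page live script:", containsLiveScript(pageB));
console.log("C.com unsafe live script:", containsLiveScript(renderCUnsafe(preText)));
console.log("C.com safe live script:", containsLiveScript(renderCSafe(preText)));
```

B.com's encoding protects only B.com's own page: once C.com recovers the text, the data is raw again, so every consumer has to encode for its own output context regardless of how upstream domains handled it.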