Comments on Anurag Agarwals' Threat Modeling Blog: Breaking the Same Origin barrier of Javascript

Anonymous, 2008-02-28 21:32 (-05:00):
Great article. Excellent explanation.

Maluc/Mahmudul, the difference between loading a static external JS and loading through a servlet/CGI is that with the latter, the injected JavaScript can collect sensitive data from the user's browser and send it to the remote site!

Mahmudul Hasan (https://www.blogger.com/profile/16757992067945858063), 2007-05-31 06:40 (-04:00):
What is your point? We can always load JavaScript from an external site. There was no barrier.

Anurag Agarwal (https://www.blogger.com/profile/00132226679618654350), 2007-01-17 22:17 (-05:00):
Hi maluc,

You are right, but what I am trying to explain here is that if a website is vulnerable to XSS, then using this feature an attacker can actually control a user's browser from a remote location.