After reading all those cross domain attacks, I was wondering how the browsers are protecting naive user from the cross domain manipulated page displays from scripts. The reason it works is because all browsers follow same origin policy. The same origin policy prevents document or script loaded from one origin from getting or setting properties of a document from a different origin.
More details on single origin policy on google help pages.
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment