Hey /prog/, not a regular but I thought I'd try you guys - I'm running into problems when I try to load cross-board content using xmlhttprequest. Apparently it only works in the same domain, so I get security errors when a link pointing to img wants to load content from dat (the cross-board links send you to a redirecting page which does this). Any ideas on how to work through this? I'm running the code through the Greasemonkey Firefox extension. Thanks!
Hey, thanks everyone! I told /pr/ that I started reading SICP, but for some reason they banned my IP for 12 years -_-. Oh well, I can just ask you guys anyway right? :)
You can modify Firefox' settings to enable cross-domain XHR (prefs.js I guess?). However, you would have to convince others to do so as well to use your script, and I'd like to see the gullibledumb fuck who would. You're opening up your browser for a wide range of XSS exploits by doing so, after all.
Name:
Anonymous2009-03-19 18:56
>>12 opening up your browser for a wide range of XSS exploits by doing so
I don't think so.
Give a few examples?
Name:
Anonymous2009-03-19 19:07
Do you even know how XMLHttpRequest works? Imagine a script which reads a password input element and sends this asynchronously to the villian's web server.
>>14
Imagine a script which reads a password and sends this anywhere. I hope I never have to use any web app you wrote.
Name:
Anonymous2009-03-19 20:10
>>14
...Do you even know how the internet works? Anyone who is using a plaintext password input is going to be insecure anyway. And the fuck anyway- for your scenario to happen the user needs to run a malicious script on that page; or the server needs to have been compromised in which case whether or not they are using AJAX to remotely deliver posted passwords has no effect whatsoever on the insecurity.