by eric_arrr
5101 days ago
I'm not sure where I appeared to contradict myself in my earlier posts, so I'm unsure how to clarify this for you. Best I can do is this: Here is a link to a variation of the "image" file which is the subject of this post:

https://dl.dropbox.com/u/131649/squirrel.html

I have embedded harmless (-- honest! --) script in the file to demonstrate that your browser will execute the script in the context of the site where the file is hosted. So, click the link. (Again I promise that no harm will come to your computer.) Now imagine that dl.dropbox.com is, instead, some hypothetical site where users are expected to upload images, but not HTML documents containing arbitrary script, and the security implications should be fairly obvious.
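For the hypothetical image-upload site in the comment above, one server-side defence is to take the response `Content-Type` from the file's leading bytes instead of its name and to forbid browser sniffing. This is an added example, not code from the post or from any site it mentions; the function names and the sample upload are assumptions constructed for illustration.

```python
# Added example: choose response headers for a user upload so that a file
# carrying embedded script is never rendered as an HTML document.

# Leading byte signatures of the only formats this hypothetical site accepts.
IMAGE_MAGIC = (
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"GIF87a", "image/gif"),
    (b"GIF89a", "image/gif"),
)

# Constructed sample: a GIF header followed by markup, uploaded under an
# .html name. The script body is an inert comment.
SAMPLE_NAME = "squirrel.html"
SAMPLE_UPLOAD = b"GIF89a\x01\x00\x01\x00<html><script>/* constructed */</script></html>"


def sniff_image_type(data: bytes):
    """Return the MIME type implied by the leading bytes, or None."""
    for magic, mime in IMAGE_MAGIC:
        if data.startswith(magic):
            return mime
    return None


def upload_response_headers(filename: str, data: bytes) -> dict:
    """Build headers for serving an upload; reject anything that is not an image.

    The filename is deliberately ignored when choosing Content-Type: a name
    ending in .html must not cause the bytes to be served as text/html.
    """
    mime = sniff_image_type(data)
    if mime is None:
        raise ValueError(f"{filename!r}: not an accepted image format")
    return {
        "Content-Type": mime,
        # Tell the browser not to second-guess the declared type.
        "X-Content-Type-Options": "nosniff",
        # If the response is ever loaded as a document, run it sandboxed
        # with no script and no access to the hosting origin.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    print(upload_response_headers(SAMPLE_NAME, SAMPLE_UPLOAD))
```

A signature check alone does not remove markup appended after a valid image header; it is the image `Content-Type` together with `nosniff` that keeps the browser from treating the bytes as HTML. Serving uploads from a separate origin that holds no session cookies limits the damage further if a file is ever rendered as a document.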