Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
About Data Protocol in Browser
Posted by: Nonove
Date: September 26, 2009 10:25AM

I encountered a problem about the data protocol.

Yesterday,I read the paper Browser_Hijacking_Techniques_2009.
The paper lists some XSS PoC about Data Protocol.
I tried the PoC,but failed.It didn't work.

IE8 supports the data protocol.
Also the examples didn't work.

Need some help, here.
Thanks!!!

the paper url:http://www.xssed.com/article/29/Browser_Hijacking_Techniques_2009/
IE8 data protocol: http://msdn.microsoft.com/en-us/library/cc848897(VS.85).aspx



Edited 1 time(s). Last edit at 09/26/2009 10:41AM by Nonove.

Options: ReplyQuote
Re: About Data Protocol in Browser
Posted by: thornmaker
Date: September 26, 2009 11:38AM

the msdn page you link to says:
Quote

For security reasons, data URIs are restricted to downloaded resources. Data URIs cannot be used for navigation, for scripting, or to populate frame or iframe elements.

Options: ReplyQuote
Re: About Data Protocol in Browser
Posted by: Nonove
Date: September 26, 2009 08:39PM

@thornmaker.
Thanks! actually, I missed the passage.

Options: ReplyQuote


Sorry, only registered users may post in this forum.