Oliver Bleutgen <myzope@gmx.net> wrote:
Although I repeat myself, implementing this proposal would give me a lot of options to prevent myself from this kind of attack, completely or partially.
- In Internet Explorer I can disable javascript. (problem solved) - In Internet Explorer I use the zone restrictions (prevents attacks from untrusted servers) - I can do the same in mozilla - additionally, in mozilla I can just disable form submitting in javascript, with something like (this is surely wrong) user_pref("capability.policy.default.HTMLFormElement.submit", "noAccess"); Put this your prefs.js file and you are done.
Really, it _would_ help.
Okay, I agree that it does indeed help. Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com