[Zope-dev] [RFClet]: What about the request method and the client side trojan?
Florent Guillaume
fg@nuxeo.com
Tue, 16 Apr 2002 16:21:50 +0000 (UTC)
Oliver Bleutgen <myzope@gmx.net> wrote:
> Although I repeat myself, implementing this proposal would give me a lot
> of options to prevent myself from this kind of attack, completely or
> partially.
>
> - In Internet Explorer I can disable javascript. (problem solved)
> - In Internet Explorer I use the zone restrictions (prevents attacks
> from untrusted servers)
> - I can do the same in mozilla
> - additionally, in mozilla I can just disable form submitting in
> javascript, with something like (this is surely wrong)
> user_pref("capability.policy.default.HTMLFormElement.submit", "noAccess");
> Put this your prefs.js file and you are done.
>
> Really, it _would_ help.
Okay, I agree that it does indeed help.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com