comment on

About petrucio's password hash hack... It is not so bad because it only shows the encrypted pwd and can only access cookies related to Perlmonks. With current JS security, I believe that unless you send email messages, you can only talk to the server the page came from.
If I can display your cookie to you, I can send it to me. If I can get your cookie, I can login as you.

I'm not sure what is allowed nowadays in scripts on home nodes, and I didn't go check the script in question (I'm pretty sure Petruchio is *not* sending it anywhere anyways) but the above should be true unless someone actually took a lot of time parsing and allowing certain js commands and not others. :)

You have moved into a dark place.
It is pitch black. You are likely to be eaten by a grue.

In reply to Re(3): Filtering potentially dangerous URI schemas in <a href="..."> by Dog and Pony
in thread Filtering potentially dangerous URI schemas in <a href="..."> by IlyaM

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.