Open
Bug 208881
Opened 21 years ago
Updated 2 years ago
warn about possible web spoofing: warn if form action domain is different from domain where form came from
Categories
(Core :: DOM: Core & HTML, enhancement)
Core
DOM: Core & HTML
Tracking
()
NEW
People
(Reporter: hauser, Unassigned)
Details
Attachments
(1 file)
35.50 KB,
application/octet-stream
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030519 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4b) Gecko/20030519 Most users probably have a hard time understanding this subtlety and posting a form to a different domain than where the html generating the form came from may be perfectly legitimate. However, it would be great to be able under preferences to configure being warned about this. See example discussed on security mailing lists attached. Reproducible: Always Steps to Reproduce: 1. 2. 3.
Reporter | ||
Comment 1•21 years ago
|
||
sorry for attaching this in Outlook format (no clue what the best portable message storage format would be...). At least when I save the mail as .html and load it with Mozilla, I don't seem to get an error for https either.
Comment 2•21 years ago
|
||
Confirming as a new RFE. Also note bug 168274, about exposing the form action more visibly in all cases.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Reporter | ||
Comment 3•18 years ago
|
||
see also http://www.mozdev.org/bugs/show_bug.cgi?id=12963
Updated•15 years ago
|
Assignee: form-submission → nobody
QA Contact: ashshbhatt → form-submission
Assignee | ||
Updated•5 years ago
|
Component: HTML: Form Submission → DOM: Core & HTML
Updated•2 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•