Question

Within my app (http://www.example.com) I am running an iFrame (https://www.example.com/iframe-application).

The main page (www.example.com) only renders custom data based on cookies set by the iFrame. The iFrame has all the smarts, the JavaScript, the secure cookies, etc. The iFrame has NO text, images, etc., only JavaScript code.

Is there any risk that someone would embed the iFrame in another site and access secure cookies, login tokens, etc.?

Solution

By default cookies are bound to the domain name, so in the normal case that should not be possible.

If you have an XSS vulnerability on your site, they could access the cookies, so be sure to escape all input strings.

Other tips

That would be a cross-site scripting attack and most browsers will prevent it unless the user has configured them not to.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow