publicsuffix - Dave's Blog

Search
My timeline on Mastodon

The WHATWG Blog - Blog Archive - This Week in HTML 5 - Episode 20

2009 Feb 3, 11:15"r2719 specifies that browsers should not allow scripts to set document.domain to anything on the Public Suffix List, such as "com" or "co.jp". Essential background reading on why this is dangerous: Untraceable XSS Attacks. Most browsers already block this attack, e.g. Firefox since 3.0. [Background: Re: Setting document.domain]"PermalinkCommentshtml5 tld publicsuffix dns security html internet web reference w3c

Re: [DNSOP] Public Suffix List

2008 Sep 10, 1:32Discussion on IETF DNS mailing list about Mozilla's Public Suffix list and what they should do ultimately. "I'm inclined to suggest: Gather and hard-code your list into Firefox, and also provide a mechanism by which domain authorities can publish information which overrides your list for their domain."PermalinkCommentsidn domain firefox publicsuffix ietf mozilla tld
Older Entries Creative Commons License Some rights reserved.