Looks like they actually are using POST – see http://www.livejournal.com/community/evan_tech/150019.html for details. |
Ajax can post.... hmm. Is that "correct" browser behavior? The W3C says "HTTP GET is safe; i.e., agents do not incur obligations by following links." http://www.w3.org/2001/tag/doc/whenToUseGet-20030919
Didn't agents "incur obligations by following links" in the case of this MySpace worm? |
It seems to me that this ability is a side-effect and not a feature. |
Just makes you wonder how much of Web 2.0 has passed a rigorous security inspection. |
I found this paper on XSS Viruses/Worms http://www.bindshell.net/papers/xssv.html. It explains the concept well. |
Please add me I'm a really cool person and i'll comment you comment your pictures and everything if you do the same to me =] please and thank yous. <3 |
[moved]
i want to make my myspace private but i don't know how...... and i need help |
man i only got 475 friends i need like 1,000,000.does anyone know how to do this faster? |
Hehe.. I only have 8 friends and I am way too busy to look and add more, so what can I do to just have people add me to their friends list? My personal freinds believe I am retarded for joining myspace, so that is another reason for not having many friends either.. add me or help me.. |