- Subject: Re: [ANN] Reactive Server Pages
- From: Tobias Käs <tobias.kaes@...>
- Date: Fri, 6 Aug 2010 10:05:03 +0000 (UTC)
Robert G. Jakabosky <bobby <at> sharedrealm.com> writes:
>
> On Thursday 05, Henk Boom wrote:
> > http://www.lua.inf.puc-rio.br/rsp/step/?_html=%3Cscript+type%3D%22text/java
> >script%22%3Ealert(%22this+could+have+been+a+malicious+script%22)%3C/script%3
> >E
> >
> > in case line wrapping broke the url:
> >
> > http://bit.ly/crWYMP
>
> Looks like there was a bug that made my session get the contents of _html from
> your session.
>
Yup, there's definitely a bug "leaking" state between sessions. I just tried the
"shopping example" and did nothing else than keep clicking on the "state" link
and it kept adding items to my shopping cart randomly ;)