|
| RSS Security in IE7 |
 |
Thu, 10 Aug 2006 18:47:08 +000 |
Responding to a presentation at Black Hat and a resulting article on CNET,
Walter vonKoch has posted an article on the Microsoft Team RSS blog to describe
how IE7 safeguards against malicious scripts in feeds. vonKoch writes about two
primary security points:
During downloading, the RSS feed is passed through a sanitation process that
removes scripts;
The received feed is displayed in IE7 in the Restricted security zone, where URL
actions are disallowed
For more about these aspects of RSS security in IE7 and recommendations for
hosting IE in applications, check out Walter's post at
http://blogs.msdn.com/rssteam/archive/2006/08/07/691248.aspx
|
| Post Reply
|
| Re: RSS Security in IE7 |
 |
Sun, 20 Aug 2006 04:28:21 +000 |
Looks good. I was wondering about that, actually. I mean Office 2007 asks me
whether I want to include all associated content each time I want to forward an
RSS item to a friend via e-mail, and I never saw any warnings from IE...well I
guess I know why now
|
| Post Reply
|
|
|
|
|
|
|
|
|
|