Question about XSS and proxies

Hi everyone, I'm working on a website right now that relies on knowing
what content a user is viewing in an iframe. Because of XSS rules, I
proxy content from other pages through a php proxy script. This allows
me to tell what is in the iframe. My questions are, what downsides do
you see to this architecture for the application? Are there any
security and/or legal concerns? And similarly, are there any other
ways of accomplishing this task?

I'd also be interested to know what everyone thinks about the idea.
For example: /

It's basically a tool to allow users to chat with the other people
currently viewing the same web page. It's meant to encourage discussion
about the stuff people tend to passively read on the internet. I guess
it's geared towards tech people in general...

Any thoughts?



Re: Question about XSS and proxies

You mean other than the fact it may get your site banned for taking
content from other sites?  A lot of sites don't like that - I know my
clients wouldn't.  They see that in the

You may also run afoul of copyright laws; you need to talk to an
attorney from your jurisdiction (who is also familiar with copyright
laws from other countries) to know for sure.

What's wrong with just displaying the page in a browser while using some
application like chat, irc, etc.?

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: Question about XSS and proxies

On Dec 8, 8:51 pm, wrote:
It's liable to be used by people wishing to, effectively, mask their
IP address.  You can probably expect people to vandalize
through your PHProxy installation and perhaps even launch attacks
against other websites.  Sarah Palin's email address was
hacked through something like PHProxy (it might have actually been
PHProxy; I don't know):

Personally, I wouldn't want to make my IP address available for people
to use in such a manner.

Also, on the subject of XSS, your website has a reflected XSS
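
One way to limit the proxy abuse described in this reply, as an added example that is not part of the thread or of PHProxy: a destination check a PHP fetch proxy could run before each request. The function names, the host allowlist and the sample hosts and addresses are assumptions constructed for illustration.

```php
<?php
// Added example: destination policy for a fetch proxy. All names are hypothetical.

/** True only if the list is non-empty and every address is a public IP. */
function all_public(array $ips): bool
{
    foreach ($ips as $ip) {
        $ok = filter_var($ip, FILTER_VALIDATE_IP,
            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
        if ($ok === false) {
            return false;
        }
    }
    return count($ips) > 0;
}

/**
 * Decide whether the proxy may fetch $url. Returns [bool allowed, string reason].
 * $resolve maps a host name to a list of IP strings (e.g. gethostbynamel in production).
 * The actual fetch should connect to the address checked here, not resolve again.
 */
function proxy_may_fetch(string $url, array $allowedHosts, callable $resolve): array
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return [false, 'missing scheme or host'];
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return [false, 'scheme not allowed'];
    }
    $host = strtolower($p['host']);
    if (!in_array($host, $allowedHosts, true)) {
        return [false, 'host not on allowlist'];
    }
    if (!all_public($resolve($host) ?: [])) {
        return [false, 'resolves to private or reserved address'];
    }
    return [true, 'ok'];
}

// Constructed sample data: a fake resolver so the example runs offline.
$dns = ['news.example' => ['93.184.216.34'], 'intranet.example' => ['10.0.0.5']];
$resolve = fn(string $h) => $dns[$h] ?? false;
$allow = ['news.example', 'intranet.example'];
foreach (['http://news.example/a', 'http://intranet.example/',
          'file:///etc/passwd', 'http://other.example/'] as $u) {
    [$ok, $why] = proxy_may_fetch($u, $allow, $resolve);
    printf("%-28s %s (%s)\n", $u, $ok ? 'ALLOW' : 'DENY', $why);
}
```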
