5 votes

Userdir URLs like https://example.org/~username/ are dangerous

Tags: security, web

1 comment

  1. PendingKetchup
    Isn't the solution just the suborigin header?

    Userdir URLs almost certainly predate client-side scripting; it's not like the browser people haven't had a chance to think about this. If they think https://university.edu/~professor and https://university.edu/~student are controlled by mutually trusting entities, they're just wrong.

    6 votes
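
An added example, not part of the thread: the browser's same-origin policy keys on scheme, host and port only, so every `~user` directory on one host lands in the same origin. The sketch below groups a list of URLs by origin and reports origins that serve more than one userdir. The function names and the sample URLs (beyond the two quoted in the comment) are constructed for illustration.

```javascript
// Extract the userdir name from a URL path ("/~name/..." or "/%7Ename/...").
function userdirOf(url) {
  const m = /^\/(?:~|%7e)([^\/]+)/i.exec(url.pathname);
  return m ? m[1] : null;
}

// Map each origin to the sorted list of distinct userdirs it serves,
// keeping only origins shared by two or more users.
function sharedUserdirOrigins(urls) {
  const byOrigin = new Map();
  for (const raw of urls) {
    const url = new URL(raw);          // normalizes default ports (":443" on https)
    const user = userdirOf(url);
    if (user === null) continue;       // not a userdir URL
    if (!byOrigin.has(url.origin)) byOrigin.set(url.origin, new Set());
    byOrigin.get(url.origin).add(user);
  }
  const shared = {};
  for (const [origin, users] of byOrigin) {
    if (users.size > 1) shared[origin] = [...users].sort();
  }
  return shared;
}

// Constructed sample input.
const SAMPLE_URLS = [
  "https://university.edu/~professor/grades.html",
  "https://university.edu:443/~student/index.html",   // same origin: 443 is the https default
  "https://university.edu/%7Eta/notes.html",          // percent-encoded tilde, same origin
  "http://university.edu/~student/",                  // different scheme, different origin
  "https://student.users.university.edu/index.html",  // per-user host, its own origin
];

console.log(sharedUserdirOrigins(SAMPLE_URLS));
```

Any origin this reports is one where script served from one user's directory runs with the same origin as every other listed user's pages.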