Changes between Initial Version and Version 1 of Ticket #6622, comment 40


Ignore:
Timestamp:
05/23/2018 10:16:51 PM (15 months ago)
Author:
mjethani
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #6622, comment 40

    initial v1  
    1717 
    1818{{{ 
    19 <script src="https://raw.githubusercontent.com/foo/good.js"></script> 
     19<script src="https://raw.githubusercontent.com/alice/good.js"></script> 
    2020}}} 
    2121 
    22 If a filter list author rewrote that path to `/bar/bad.js`, and the script ended up doing something malicious with the user's data on the site, then that would be a problem. 
     22If a filter list author rewrote that path to `/eve/bad.js`, and the script ended up doing something malicious with the user's data on the site, then that would be a problem. 
    2323 
    2424From the user's point of view, let's see all the relevant entities the user would be trusting in this case: 
     
    2626 1.  Naturally the user trusts the document that contains the above HTML tag, let's call it `photos.example.com` 
    2727 2.  By extension, the user trusts `raw.githubusercontent.com` 
    28  3.  By extension, the user trusts `/foo` 
     28 3.  By extension, the user trusts `/alice` 
    2929 4.  The user trusts the filter list 
    3030