Questions tagged [same-origin-policy]

The same-origin policy is one of several models that web browsers use to determine which JavaScript files in a web page may be executed. The decision is based on the domain the content comes from (its origin).


Flash ignores Content-Type header, allowing XSS?

I recently read that the Flash plugin ignores the Content-Type header in certain circumstances. In particular, you can give Flash a URL, and the Flash plugin will happily fetch the content at that URL and load whatever it receives as a SWF file,…
D.W.

Securely render SVG

How can I securely render SVG documents in a media sharing application? I think the same-origin policy might help a bit if I host the SVG documents on a separate domain and render them inside an