You've probably seen the headlines, there's an interesting XSS attack going on at myspace using a malicious QuickTime movie to infect myspace sites.
Here's a good description of the basic technique that uses a QT movies to execute a HREFTrack, the HREFTrack being some javascript.
http://www.gnucitizen.org/blog/backd...cktime-movies/
The interesting thing (to this forum) would be that this technique doesn't work in Safari. It does however execute javascript in Omniweb, which surprised me since OW utilizes so much of WebKit.
You can access this test movie to see if your browser displays a benign pop-up http://rdiv.com/downloads/jim/pop-up.mov
I'm not sure whether this is a Safari security feature or lack of javascript support . . . and is this a correctly functioning feature or hole in OmniWeb.
Here's a good description of the basic technique that uses a QT movies to execute a HREFTrack, the HREFTrack being some javascript.
http://www.gnucitizen.org/blog/backd...cktime-movies/
The interesting thing (to this forum) would be that this technique doesn't work in Safari. It does however execute javascript in Omniweb, which surprised me since OW utilizes so much of WebKit.
You can access this test movie to see if your browser displays a benign pop-up http://rdiv.com/downloads/jim/pop-up.mov
I'm not sure whether this is a Safari security feature or lack of javascript support . . . and is this a correctly functioning feature or hole in OmniWeb.
Threaded Mode