The examples above would create a GET
request resembling this:
GET index.html HTTP/1.1
Web pages also have the ability to include other web pages in their own window,
using the iFrame object. iFrames are an interesting study in the Same Origin Policy; sites
are allowed to create iFrames that link to other domains, and they can then include that
page from the other domain in their content. However, once a cross-domain iFrame is
loaded, content in the parent page is not allowed to interact with the iFrame. iFrames
have been used in a number of security hoaxes, in which individuals created pages that
"stole" a user's personal content by displaying it in an iFrame on an untrusted site, but
despite appearances, this content was served directly from the trusted site and was not
stolen by the attacker. We will discuss malicious use of iFrames later in this chapter.
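The rule described above can be modeled as an origin comparison. The following is an added example, not code from the book: it covers only the base scheme/host/port check plus the iframe sandbox attribute, and the function names and hostnames (bank.example, hoax.example) are constructed for illustration.

```javascript
// Added example: models the browser's decision on whether script in a parent
// page may reach into an iframe's document. Hostnames are constructed.

// Return the origin ("scheme://host[:port]") of a URL, or null for opaque
// origins such as data: URLs, which never match any other origin.
function originOf(url) {
  const origin = new URL(url).origin; // WHATWG URL API, default ports dropped
  return origin === "null" ? null : origin;
}

// sandboxTokens: array of the iframe's sandbox attribute tokens,
// or undefined when the attribute is absent.
function parentCanScriptFrame(parentUrl, frameUrl, sandboxTokens) {
  // A sandboxed frame without allow-same-origin gets an opaque origin.
  if (sandboxTokens && !sandboxTokens.includes("allow-same-origin")) {
    return false;
  }
  const parent = originOf(parentUrl);
  const frame = originOf(frameUrl);
  return parent !== null && parent === frame;
}

function explain(parentUrl, frameUrl, sandboxTokens) {
  return parentCanScriptFrame(parentUrl, frameUrl, sandboxTokens)
    ? "same origin: parent script may read the frame's document"
    : "cross origin: frame renders, parent script cannot read it";
}

// Constructed cases: [parent page, framed page, sandbox tokens]
const cases = [
  // The "hoax" layout: untrusted page frames the trusted site.
  ["https://hoax.example/steal.html", "https://bank.example/account"],
  // Same site framing itself; explicit default port still matches.
  ["https://bank.example/home", "https://bank.example:443/account"],
  // Different scheme or subdomain is a different origin.
  ["https://bank.example/home", "http://bank.example/account"],
  ["https://bank.example/home", "https://img.bank.example/logo.html"],
  // Same URL origin, but sandboxed without allow-same-origin.
  ["https://bank.example/home", "https://bank.example/widget", []],
];

for (const [parent, frame, sandbox] of cases) {
  console.log(`${parent} -> ${frame}: ${explain(parent, frame, sandbox)}`);
}
```

The first case is the hoax scenario: the account page is displayed inside the untrusted page, yet the check fails, so the untrusted page's script never sees the content.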
An iFrame is created with a tag such as this:
Image and Object Loading
Many web sites store their images on a separate subdomain, and they often include
images from other domains. A common example is that of web banner advertisements,
although many advertisers have recently migrated to cross-domain JavaScript.