AD_COMPANY.COM/adj/somesite/news/natworld/nation;ptype=s;
slug=lanausattys13mar13;rg=ur;ref=fooflecom;pos=left2;
sz=120x60;tile=3;ord=45113127?" type="text/javascript">
The previous code loads a script from the ad company's site into the context of the
currently rendering page. Like any script loaded into the browser, the advertisement has
access to the full content of the page as if it were loaded from the server currently being
accessed. This includes access to the following:
• The cookies in this page, their values, and the ability to set them
• The content of this page, including any cross-site request forgery (CSRF)
protection tokens in use
• The contents of other pages on the site serving this advertisement, even if they
are on the viewer's intranet, protected with client certificates, or locked down
by IP address; this might include personal information about the user, account
details, message contents, and so on
Web applications that include scripts from third-party domains give the code hosted
on that domain access to the user's formerly private view of the web site. This may allow
advertisers or those who control their servers to peek at a customer's financial data on
their bank's web site.
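
To see which third parties a page has extended this access to, a reviewer can inventory its script tags by origin. The following is an added example, not code from the book; the page URL, the sample HTML and the function name auditScripts are constructed for illustration.

```javascript
// Added example: list the <script src> tags on a page that load from another
// origin. Each one runs with the same access as the site's own scripts.
// PAGE_URL and SAMPLE_HTML are constructed sample input.
const PAGE_URL = "https://bank.example/accounts/summary";
const SAMPLE_HTML = `
<html><head>
<script src="/static/app.js"></script>
<script src="https://bank.example/static/csrf.js"></script>
<script src="//ads.example/adj/somesite/news;sz=120x60;tile=3" type="text/javascript"></script>
<script src='https://cdn.example/lib.js' integrity="sha384-CONSTRUCTED" crossorigin="anonymous"></script>
<script>var inline = 1;</script>
</head></html>`;

function auditScripts(html, pageUrl) {
  const pageOrigin = new URL(pageUrl).origin;
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    // Match src only as its own attribute (not data-src), in any quoting style.
    const src = /(?:^|\s)src\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    if (!src) continue; // inline script, served by the site itself
    const raw = src[1] ?? src[2] ?? src[3];
    let resolved;
    try {
      // Resolves relative and protocol-relative (//host/...) URLs against the page.
      resolved = new URL(raw, pageUrl);
    } catch {
      continue; // unparseable src, nothing to classify
    }
    if (resolved.origin === pageOrigin) continue;
    findings.push({
      origin: resolved.origin,
      src: raw,
      // An integrity attribute pins the script's content; it does not reduce
      // what the script can read once it runs.
      hasIntegrity: /(?:^|\s)integrity\s*=/i.test(attrs),
    });
  }
  return findings;
}

for (const f of auditScripts(SAMPLE_HTML, PAGE_URL)) {
  console.log(`${f.origin}  integrity=${f.hasIntegrity}  ${f.src}`);
}
```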