If the user goes back and then commits a new navigation, this essentially forks the joint session history. However, joint session history is tracked as a list and not as a tree, so the previous forward history is "pruned" and forgotten. This pruning is performed for all new navigations, unless they commit with replacement.

When the first commit occurs within a new subframe of a document, it becomes part of the existing joint session history item (which we refer to as an "auto subframe navigation"). The user can't go back to the state before the frame committed.

Identifying Same- and Cross-Document Navigations.

You have to ensure that the tokens you associate with sessions are secure and known only to an authenticated user. For instance, if you set CRISP_TOKEN_ID to the user's email address (a value that an attacker can know), then the attacker can recover any previous chat session with the targeted user simply by setting CRISP_TOKEN_ID to that user's email address.

Crisp declines all responsibility for insecure implementations of this feature. If you use an insecure identification token, such as an email address (in other words, a token that unauthenticated users can know), the attack described above remains possible.

String-encoded pseudorandom key, generated from a good source of entropy.