Netscape's results:
1. FAIL postMessage API
2. FAIL JSON.parse API
3. FAIL toStaticHTML API
4. PASS httpOnly cookie API
5. FAIL X-Frame-Options
6. FAIL X-Content-Type-Options
7. FAIL Block reflected XSS
8. PASS Block location spoofing
9. FAIL Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. FAIL Strict Transport Security
14. FAIL Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. FAIL Cross Origin Resource Sharing
17. FAIL Block visited link sniffing
Well, there were many addons working with this version, but after your advice I've upgraded to 3.6.12. So the results are:
1. PASS postMessage API
2. PASS JSON.parse API
3. FAIL toStaticHTML API
4. PASS httpOnly cookie API
5. PASS X-Frame-Options
6. FAIL X-Content-Type-Options
7. FAIL Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. FAIL Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. PASS Cross Origin Resource Sharing
17. FAIL Block visited link sniffing
He probably enables JavaScript on a whitelist-like basis. Just like I do with both JS itself (NotScripts for Opera) as well as Flash.
"I just remembered something that happened a long time ago."
A blacklist I would understand. A whitelist, however, is too much work imho.
Using latest ff stable for windows:
1. PASS postMessage API
2. PASS JSON.parse API
3. PASS toStaticHTML API
4. FAIL httpOnly cookie API
5. PASS X-Frame-Options
6. PASS X-Content-Type-Options
7. PASS Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. PASS Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. PASS Cross Origin Resource Sharing
17. PASS Block visited link sniffing
Opera 11 result. Passed at [9/17]:
1. PASS postMessage API
2. PASS JSON.parse API
3. FAIL toStaticHTML API
4. PASS httpOnly cookie API
5. PASS X-Frame-Options
6. FAIL X-Content-Type-Options
7. PASS Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. FAIL Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. FAIL Cross Origin Resource Sharing
17. FAIL Block visited link sniffing
Evilmill, I'm using Opera 11 too, and I'm passing points 6 and 17, whereas you do not?
The last one sounds like it's related to referrers, which you can easily turn off via F12 -> Send Referrer Information. That's a good idea to prevent sites you visit from knowing where you've been, actually.
Why do people not write their browser version and OS for their tests?
1. PASS postMessage API
2. PASS JSON.parse API
3. PASS toStaticHTML API
4. PASS httpOnly cookie API
5. PASS X-Frame-Options
6. PASS X-Content-Type-Options
7. PASS Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. PASS Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. PASS Cross Origin Resource Sharing
17. PASS Block visited link sniffing
ff 3.6.13 xp sp3
Any idea how to fix 11, 12 & 15 (need to be more secure)?!!
Last edited by mmmmm; 11.01.11 at 21:14.
Busy, new things always come.
It's time for personal life. Still here from time to time. Greetings to everybody.
It's an easy way to capture the announces:
Tutorial: how to use SmartSniff to capture announces for BitTorrent
NoScript does a great job. All off by default, and if I feel that a site doesn't work as it should, I can enable it with one click, either temp. or perm.
But I rarely use multimedia stuff, and those mentioned fat sites are so much nicer and faster without JS.
Here is my test: FF 3.6.13, Win 7 32-bit
7 FAILS :(
1. PASS postMessage API
2. PASS JSON.parse API
3. FAIL toStaticHTML API
4. PASS httpOnly cookie API
5. PASS X-Frame-Options
6. FAIL X-Content-Type-Options
7. FAIL Block reflected XSS
8. PASS Block location spoofing
9. PASS Block JSON hijacking
10. PASS Block XSS in CSS
11. FAIL Sandbox attribute
12. FAIL Origin header
13. FAIL Strict Transport Security
14. PASS Block cross-origin CSS attacks
15. FAIL Content Security Policy
16. PASS Cross Origin Resource Sharing
17. PASS Block visited link sniffing
Last edited by ErRor; 11.01.11 at 23:19.