@irsdl
So you load your pdf from http://mysite.com/read.pdf and read the content of http://facebook.com?
@irsdl @insertScript for same-origin requests with XFA in a content-sniffed <object> tag
@avlidienbrunn @irsdl @insertScript I tried <embed> and <object> in IE. Both won't sniff pdf :O
@filedescriptor @irsdl @insertScript works for me, ie11 reader xi
@avlidienbrunn @filedescriptor @insertScript Can this issue be completely rectified by using the content-disposition header?
@irsdl @filedescriptor @insertScript yeah it seems. Also, HFA can send PUT so CSRF PUT is possible using it
@avlidienbrunn @filedescriptor @insertScript I am wondering if there is any CrLf in this area. Looking for a simple dynamic PDF now :)
@avlidienbrunn @insertScript this is interesting... I have to try that myself later but a PoC will be very welcomed