

The Extended HTML Form attack revisited - sandrogauci
http://enablesecurity.com/2008/06/18/the-extended-html-form-attack-revisited/

======
pmjordan
I'm wondering if this could be prevented by considering different ports as
different domains in the context of cookies and scripts, rather than blocking
port numbers. I know that would raise an issue when mixing HTTP and HTTPS, but
I was under the impression that such mixing already is locked down.

Thoughts?

