Steven M. Christey
coley at linus.mitre.org
Wed Sep 27 19:16:31 EDT 2006
I haven't looked too deeply into this, but XSS is probably the tip of the
iceberg. Any language that mixes code and data is going to be subject to
these kinds of problems.

However, in this particular term, they seem to be talking about script
that's downloaded in one execution context, but launched in another.
Replace "context" with "zone" or "domain" and the concept's probably the
same. So, you download a movie that has embedded code. You then launch
it from your local system, and the code runs in the local context.

There's an article here:

Hmmm, this looks like a pretty interesting site in general.