View Full Version : Java script in yahoo mail

01-03-2006, 10:07 AM
Somebody can help me with this issuse. I tried to send my own java script in yahoo mail but it doesn't work. how I can make them work???????

01-03-2006, 04:41 PM
I don't believe it's allowed in Yahoo, because of cross-site scripting issues.
If you were to open an email containing malicious Javascript in your Yahoo account, that script could redirect you to a malicious site and transfer all your session cookies via GET variables. These cookies would include your Yahoo session ID, which a server-side script on the malicious host could then use to control your Yahoo account until your session expired, and possibly change the password on it to something the malicious site's owner could then use to log on (or perhaps not; it depends how Yahoo authenticates password changes).

01-06-2006, 08:31 AM
Oh I see thanks sir for clearing my facts!!!!!!!