Jotform: please help me understand an already-closed topic…

• 

  sfmga · Member · Aug 24, 2008 at 7:58 pm

  • Copy link
  • Add topic to favorites

  I refer to this thread: https://en.forums.wordpress.com/topic/using-jotform?replies=9#post-42538

  I use jotform on a couple websites. If a “static” page on WP were to include a jotform link, the WP server would not at all be involved in the transaction: totally between client and jotform host.

  WP.com is such a beeeuuutiful (and I would call it, “grown up”) alternative to blogger! I, a newbie, most humbly ask why a jotform link (passed in the form of a client-executed javascript) should not be allowed? (i.e., the “philosophy” involved…)

• 

  deltafoxtrot · Member · Aug 24, 2008 at 8:03 pm

  • Copy link

  E.g.: If a browser turned out to be vulnerable, malicously coded javascript could be used to steal login cookies. That would allow an attacker to use that cookie for logging in and wreaking havoc.

  It is NOT common, but it can happen anytime. On a big platform like wp.com it may happen even faster without staff being able to act fast enough.

• 

  sfmga · Member · Aug 24, 2008 at 11:00 pm

  • Copy link

  Is this to say that the *ability to login* itself (and the information required to do so), is indicated by the contents of cookies?