ruderich.org/simon Gitweb - tlsproxy/tlsproxy.git/commitdiff
README: Describe another issue of -u.
author Simon Ruderich <simon@ruderich.org>
Mon, 9 Dec 2013 20:45:49 +0000 (21:45 +0100)
committer Simon Ruderich <simon@ruderich.org>
Fri, 27 Dec 2013 15:56:43 +0000 (16:56 +0100)
README

diff --git a/README b/README
index b0124c1279b961ebf6bdf064ff8f28ee3780296d..1e1efa7f76e8c90808fc5f1a6d419da3f806d88d 100644 (file)
--- a/README
+++ b/README
@@ -91,6 +91,11 @@ If you always verify the authentication of the connection this isn't a
 problem, but if you only check if it's a HTTPS connection then this attack is
 possible.
 
+Another issue is embedded active content, like JavaScript. If the website
+includes data from a different host (e.g. a different sub-domain), for which
+tlsproxy has no certificate, then an attacker can MITM that connection and
+inject JavaScript with unknown consequences into the browser.
+
 
 KNOWN ISSUES
 ------------
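
Review bot: The added paragraph ("Another issue is embedded active content, like JavaScript.") does not say whether the mitigation from the preceding paragraph, always verifying the authentication of the connection, still helps in this case. A reader can check the connection of the page they opened, but loads from "a different host (e.g. a different sub-domain)" happen in the background and are normally not shown for separate verification, so the text should state explicitly whether manual verification covers this case and what the user can do instead. "with unknown consequences" is also weaker than it needs to be: script injected into a page runs with that page's privileges and can read or alter the content of the page the user did verify, and saying that would make clear why the issue matters even when the main connection is authenticated.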