| Revision as of 00:22, 6 December 2005 edit84.230.129.44 (talk) wikified← Previous edit | Latest revision as of 21:01, 2 March 2024 edit undoHeyElliott (talk | contribs)Extended confirmed users119,124 edits MOS:FIRSTTag: 2017 wikitext editor | ||
| (83 intermediate revisions by 67 users not shown) | |||
| Line 1: | Line 1: | ||
| {{ref improve|date=September 2012}} | |||
| {{wikify}} | |||
| '''What''' '''You''' '''Cache''' '''Is''' '''What''' '''You''' '''Get''' ('''WYCIWYG''') is a ] commonly displayed in the address bar of ]-based ]s like ] as {{mono|wyciwyg://}} when the ] is retrieving ] information. WYCIWYG is a play on the related acronym ] (What You See Is What You Get). | |||
| {{cleanup-tone}} | |||
| '''WYCIWYG''' stands for "'''What You Cache Is What You Get'''". It's a ] scheme specific to the Mozilla family of web browsers which indicates that a link should be preferentially fetched from cache instead of from the web server. | |||
| ==Usage== | |||
| It sounds similar to, but isn't the same thing as, ] | |||
| Mozilla Firefox implements a registered, strictly internal {{mono|wyciwyg}} URI scheme to sort and later reference locally cached pages that were generated or modified by a script on the client side (a common practice for ] sites). | |||
| {{compu-soft-stub}} | |||
| {{web-stub}} | |||
| ==Security issues== | |||
| In 2007 ] reported that it was possible to bypass the same-origin checks and read from cached (wyciwyg) documents. It was possible at that time to access {{mono|wyciwyg://}} documents without proper same domain policy checks. This could have enabled an attacker to steal sensitive data, perform ] and execute their own code or display own content with URL bar and ] data of the original page (]).<ref></ref> This was fixed in ] 2.0.0.5 and ] 1.1.3.<ref></ref> | |||
| ==References== | |||
| <references/> | |||
| {{URI scheme}} | |||
| ] | |||
| ] | |||
| ] | |||
| ] | |||
Latest revision as of 21:01, 2 March 2024
 | This article needs additional citations for verification. Please help improve this article by adding citations to reliable sources. Unsourced material may be challenged and removed. Find sources: "WYCIWYG" – news · newspapers · books · scholar · JSTOR (September 2012) (Learn how and when to remove this message) |
What You Cache Is What You Get (WYCIWYG) is a Uniform Resource Identifier (URI) scheme commonly displayed in the address bar of Gecko-based Web browsers like Mozilla Firefox as wyciwyg:// when the Web browser is retrieving cached information. WYCIWYG is a play on the related acronym WYSIWYG (What You See Is What You Get).
Usage
Mozilla Firefox implements a registered, strictly internal wyciwyg URI scheme to sort and later reference locally cached pages that were generated or modified by a script on the client side (a common practice for Web 2.0 sites).
Security issues
In 2007 Michał Zalewski reported that it was possible to bypass the same-origin checks and read from cached (wyciwyg) documents. It was possible at that time to access wyciwyg:// documents without proper same domain policy checks. This could have enabled an attacker to steal sensitive data, perform cache poisoning and execute their own code or display own content with URL bar and SSL certificate data of the original page (URL spoofing). This was fixed in Firefox 2.0.0.5 and SeaMonkey 1.1.3.
References
- Firefox wyciwyg:// cache vulnerability demo – Michal Zalewski
- Mozilla Foundation Security Advisory 2007-24: Unauthorized access to wyciwyg:// documents
| Uniform Resource Identifier (URI) schemes | |
|---|---|
| Official | |
| Unofficial | |
| Protocol list | |