Ooops! I seem to have dropped a b*****ck here - didn't realise insight would
interpret text in the subject line as raw html! Didin't mean to break your
email,
and I'll never, ever do that again. Promise! <g>
If that's the case, is this a security hole, or more of an inconvenience ?
What I mean is that this implies anybody can send mail to insight user which
can affect its
functionality by using a 'incorrect' subject line : should more
fault-tolerance exist for
insight, then?
Obviously, users shouldn't have to edit the page source, although its likely
it was my fault anyway, as I may have re-edited the mail first (badly!)
before sending to the list.
Sorry again.
Z.
Date: Sun, 20 Aug 2000 04:15:52 -0400
From: "Clarence Verge" <[EMAIL PROTECTED]>
Subject: Re: Subject: Now straying wildly <g> : Arachne CGA and skips
On Sat, 19 Aug 2000 01:27:56 +0100, Neil Smith wrote:
It doesn't matter !
Look at the subject line. That <g> screws up Insight 3.5.
Both of the buttons "MOVE" and "TRASH" are inactivated !
All is ok when the <g> is deleted from the page source.
That looks like a security hole to me.
- - Clarence Verge
- - Using Arachne V1.62 for a change....
In a world without walls, who needs windows?
Visit my home site for more info:
http://www.fresh-toast.com/welcome.htm