Well, using a straight link like the following works in an HTML email... but not on a web page:
<a href="http://[EMAIL PROTECTED]">Microsoft</a> However, using this approach still allows the user to see the absolute URL path in the task bar (with the %01 ommitted). On the other hand... using the button and "unescape()" approach such as the original example from this thread works from a web page but not from an HTML email. ----- Original Message ----- From: "S G Masood" <[EMAIL PROTECTED]> To: "Exibar" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, December 09, 2003 1:00 PM Subject: Re: [Full-Disclosure] RE: FWD: Internet Explorer URL parsing vulnerability > > --- Exibar <[EMAIL PROTECTED]> wrote: > > my favorite will be this one that I'm sure will > > circulate: > > > > http://[EMAIL PROTECTED] > > > > :-) > > http://[EMAIL PROTECTED] > wont work until you > unescape('http://[EMAIL PROTECTED]'); > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html