From: "Richard Dobson" <[EMAIL PROTECTED]> > I think that is a remote possiblity and even if it does it is the sign of a > badly programmed client and not a fault with the protocol.
exactly I doubt that a nested iq or message element could be exploited to run anything - it wouldn't be recognized by the server and isn't relevant to HTML. A bigger concern IMO would be common script , object , img tag, and buffer overflow, exploits where the client is using the Web Browser Control a/o MSHTML. You'd have the same vulnerabilities as the installed version of IE. _______________________________________________ jdev mailing list [EMAIL PROTECTED] http://mailman.jabber.org/listinfo/jdev