> > > > > >As a final thought, couldn't we just work around deficiencies like > > >that? What happens if you send "text/x-really-plain" instead? > > > > > >-- > > >Robbe > > > > As far as I've found IE really likes HTML, unless it pop's up a file > > download box it will try to interpret any HTML looking text in the file i'm > > afraid. > > If IE is detected, FProxy could make an HTML document with a large <TEXTAREA> > (say, 70 cols and 25 rows) and put the actual document in that. Surely IE > won't parse HTML inside a <TEXTAREA>. Or would it?
This is just a thought, but... If I wanted to be malicious I could simply add a </textarea> to the start of my documents, which would let me put in other HTML elements and have them processed in browsers that can process HTML. I'm sure this is a silly question, but if you can manipulate the text to add <textarea>'s, why not just run it through an HTMLEncode routine? I don't do java but something which has functionality similar to http://itext.sourceforge.net/docs/com/lowagie/text/html/HtmlEncoder.html Or just replace < and > with one of these set of similar looking characters (I think the last 2 are non-Unicode characters which can be shown in most browsers without prompting to download silly extra packs) ‹›??»«‹› _______________________________________________ devl mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl
