On Thu, Sep 05, 2002 at 03:02:06AM -0400, Dan Merillat wrote:
>
> Ian Clarke writes:
> >
> > --iFRdW5/EC4oqxDHL
> > Content-Type: text/plain; charset=us-ascii
> > Content-Disposition: inline
> > Content-Transfer-Encoding: quoted-printable
> >
> > Does this mean that the "view page source" link t
On Thu, Sep 05, 2002 at 03:02:06AM -0400, Dan Merillat wrote:
>
> Ian Clarke writes:
> >
> > --iFRdW5/EC4oqxDHL
> > Content-Type: text/plain; charset=us-ascii
> > Content-Disposition: inline
> > Content-Transfer-Encoding: quoted-printable
> >
> > Does this mean that the "view page source" link
Ian Clarke writes:
>
> --iFRdW5/EC4oqxDHL
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> Does this mean that the "view page source" link that comes up when the=20
> anonymity doesn't work in IE?
Yes. And the safest b
Ian Clarke writes:
>
> --iFRdW5/EC4oqxDHL
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
> Does this mean that the "view page source" link that comes up when the=20
> anonymity doesn't work in IE?
Yes. And the safest
Committed a fix... we warn IE users, once per IP address, about this.
--
Matthew Toseland
mtoseland at blueyonder.co.uk
amphibian at sourceforge.net
Freenet/Coldstore open source hacker.
Looking for $coding.
-- next part --
A non-text attachment was scrubbed...
Name: not av
Committed a fix... we warn IE users, once per IP address, about this.
--
Matthew Toseland
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Freenet/Coldstore open source hacker.
Looking for $coding.
msg03784/pgp0.pgp
Description: PGP signature
Matthew Toseland writes:
> We would have to filter ALL documents of supposedly safe types.
Reportedly MSIE only subjects text/plain and application/octet-stream
to the mime-type second-guessing. So an image/jpeg should be always
treated as an image, even if it looks like html. I have no Exploder
Matthew Toseland <[EMAIL PROTECTED]> writes:
> We would have to filter ALL documents of supposedly safe types.
Reportedly MSIE only subjects text/plain and application/octet-stream
to the mime-type second-guessing. So an image/jpeg should be always
treated as an image, even if it looks like html
On Mon, Sep 02, 2002 at 12:14:43PM -0700, Ian Clarke wrote:
> Does this mean that the "view page source" link that comes up when the
> anonymity doesn't work in IE?
No, it means that the anonymity filter will pass through any "safe"
content types, and then IE will render the HTML anyway, being too
If you insert a page of HTML as text/plain, it will not be filtered,
being a 'safe' content-type. However, M$IE (tested a fairly recent
version - somewhere between 5 and 6 inclusive), will recognize the HTML,
and render it. So... we need to have loud warnings not to use IE, all
over the place, in t
On Mon, Sep 02, 2002 at 08:06:44PM +0100, Matthew Toseland wrote:
> If you insert a page of HTML as text/plain, it will not be filtered,
> being a 'safe' content-type. However, M$IE (tested a fairly recent
> version - somewhere between 5 and 6 inclusive), will recognize the HTML,
> and render it. S
On Mon, Sep 02, 2002 at 08:06:44PM +0100, Matthew Toseland wrote:
> If you insert a page of HTML as text/plain, it will not be filtered,
> being a 'safe' content-type. However, M$IE (tested a fairly recent
> version - somewhere between 5 and 6 inclusive), will recognize the HTML,
> and render it.
Does this mean that the "view page source" link that comes up when the
anonymity doesn't work in IE?
Perhaps a better approach is to treat the detection of *any* html in a
text/plain document as a potential threat and warn the user (being
careful to modify the "View page source" link since it w
On Mon, Sep 02, 2002 at 12:14:43PM -0700, Ian Clarke wrote:
> Does this mean that the "view page source" link that comes up when the
> anonymity doesn't work in IE?
No, it means that the anonymity filter will pass through any "safe"
content types, and then IE will render the HTML anyway, being to
Does this mean that the "view page source" link that comes up when the
anonymity doesn't work in IE?
Perhaps a better approach is to treat the detection of *any* html in a
text/plain document as a potential threat and warn the user (being
careful to modify the "View page source" link since it
If you insert a page of HTML as text/plain, it will not be filtered,
being a 'safe' content-type. However, M$IE (tested a fairly recent
version - somewhere between 5 and 6 inclusive), will recognize the HTML,
and render it. So... we need to have loud warnings not to use IE, all
over the place, in
16 matches
Mail list logo
