Youness Alaoui wrote: > Hi, > no need to strip that out of the nickname, as it's url encoded, and > no need for the messages sent as it's a > utf-8 message which can contain any binary...
well actually that's disallowed by the standard, regardless the encoding; btw, I've just tried and it seems like message was delivered (probably ms-xml parser is designed to allow these codes and they're prevented in PSM to avoid explots. Or... we've just find a security hole) > about the config being in xml, it's true, but I don't think anything > gets saved there that the user enters, > apart from the psm and paths and custom states... and yep, custom > states would have such bugs... so, a pair of places where the stripper should go for sure :P bye ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys - and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Amsn-devel mailing list Amsn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amsn-devel
