DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17107>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17107 Should change sample printenv.pl in cgi-bin directory ------- Additional Comments From [EMAIL PROTECTED] 2003-02-16 15:42 ------- This can't really be changed to html because of potential problems with cross-site-scripting (XSS) that could allow people to steal cookies and do other nasty things. Unfortunately, those XSS problems exist on MSIE even with text/plain because it can be tricked into interpreting the content as text/html. But at least with text/plain, properly behaved browsers are not vulnerable. My opinion is that it is too dangerous to be activating printenv.pl in the default distribution. It should be removed, or at least deactivated with a big warning at the top. Other Apache developers have never seemed to really share my opinion, however. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
