On Thu, Sep 05, 2002 at 03:02:06AM -0400, Dan Merillat wrote: > > Ian Clarke writes: > > > > --iFRdW5/EC4oqxDHL > > Content-Type: text/plain; charset=us-ascii > > Content-Disposition: inline > > Content-Transfer-Encoding: quoted-printable > > > > Does this mean that the "view page source" link that comes up when the=20 > > anonymity doesn't work in IE? > > Yes. And the safest bet would be to send it as text/html, wrap it in <PRE> and > HTMLescape all the < and > Tip of the iceberg. I am not going to code support for parsing text/plain in case it turns out to be HTML, especially as I want to make the anon filters opt-in rather than opt-out, which should be much safer. The point is not that the view page source link doesn't work, this is a minor side effect. The point is that text/plain would get passed through as safe in the first place, which is totally unacceptable. > > --Dan >
-- Matthew Toseland [EMAIL PROTECTED] [EMAIL PROTECTED] Freenet/Coldstore open source hacker. Looking for $coding (I'm cheap)
msg03807/pgp00000.pgp
Description: PGP signature
