On Mon, Sep 02, 2002 at 08:06:44PM +0100, Matthew Toseland wrote:
> If you insert a page of HTML as text/plain, it will not be filtered,
> being a 'safe' content-type. However, M$IE (tested a fairly recent
> version - somewhere between 5 and 6 inclusive), will recognize the HTML,
> and render it. So... we need to have loud warnings not to use IE, all
> over the place, in the README, but especially, we need fproxy to scan
> for IE's header signature, and if detected bring up a clickthrough page
> (like for new build versions, make it a bit more stubborn - force users
> to copy a URL into the address bar by hand would do it), explaining all
> this if it detects M$IE using it. Alternatively, we could filter out bad
> HTML/CSS regardless of the supposed MIME type.
One method would be simply to detect M$IE's host string and have
fproxy return a screen basically saying that M$IE is basically
insecure and thus cannot be used with fproxy; also, such a screen
should direct the user to a number of other clients that can be used
in lieu of M$IE, such as Mozilla. This method would basically force
people to not use M$IE with fproxy and would direct them to a client
they could securely use with fproxy rather than simply frustrating the
user.
--
Yes, I know my enemies.
They're the teachers who tell me to fight me.
Compromise, conformity, assimilation, submission, ignorance,
hypocrisy, brutality, the elite.
All of which are American dreams.
- Rage Against The Machine
_______________________________________________
devl mailing list
devl at freenetproject.org
http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl
