So basically if Ipswitch had a checkbox on the webmessaging service that said like "Allow embedded Scripts" and you could check or uncheck it then that would make this issue go away... no?
 
-Josh
----- Original Message -----
Sent: Saturday, March 16, 2002 9:36 PM
Subject: RE: [IMail Forum] Old Hack on Hotmail seems to work on iMail web users...

No, the smart thing would be for iwebmsg to rip them out server-side. Ripping them out client-side with the templates is going to be hella-hard (if not impossible, esp. cross-browser), since all we've got to work with is JavaScript, HTML, and a single IMail tag.
 
-Ron
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joshua Levitsky
Sent: Saturday, March 16, 2002 8:29 PM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Old Hack on Hotmail seems to work on iMail web users...

wow... hummm.... so basically the smart thing would be for KillerWebmail and the default stuff to not permit <script> tags in mail. Just to rip them out in the display process. No?
 
-Josh
----- Original Message -----
Sent: Saturday, March 16, 2002 3:40 PM
Subject: RE: [IMail Forum] Old Hack on Hotmail seems to work on iMail web users...

Hi again,
 
I put up a new version of the email generator at http://209.16.59.28/test.asp
 
It can now send the same type of email to KillerWebMail users, as well as
default template users.  Again, even if the login screen doesn't use the same
template, all a malicious user has to do is cut&paste the HTML off the login
page onto their own version.
 
Norman Nolasco
Advarion Incorporated
 