-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Christopher Smith wrote: > Brad Beyenhof wrote: >> Well, at decenturl.com you can add in your own custom title. It only >> defaults to the page's <title> if you don't manually enter anything. > > Ah, I missed that. Okay, so you trust the title as much as you trust the > sender then, not the host. Hmmm... I wonder if that makes my > rd.yahoo.com example exploitable.
Okay, I just tested it: http://decenturl.com/rds.yahoo/yahoo-buys-google I'm not sure how the "google" got in to the last rds case, which suggests decent URL still has some bugs to work out, but it does look like it at least lets you know that you are hitting Yahoo's redirector. - --Chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJ861OagjPOywMBARAoFrAJ9bAhx8KRXABPmHYGJExgVPcC6NYACg2g0O O0C3vrRmJ/dYOTbzfTCgXj0= =XnTJ -----END PGP SIGNATURE----- -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-lpsg
