On March 5, 2003 at 18:41, "Edward Wildgoose" wrote:

> I really need to think about how to let them keep the functionality, because
> to a large extent they don't/needn't care about Outlook bugs... I wonder if
> most browsers would display this correctly if I completely removed the
> erroneous "height" tag and just left the width tag?

Then the image would be displayed with the natural height of the image, probably causing an even larger distortion.

> Also, apologies for my ignorance, but what sort of XSS vulnerabilities do I
> expose myself to if there is a password protected update mechanism. Is the
> risk that a particular user could upload something nasty for when another
> user views it?

Correct. It all comes down to a matter of how much you trust the sender of the message. Since anyone can view the archived message, a person could include scripting in an attempt to steal information, like cookies, from those who view the message.

> Also, is it easy for me to modify the code to allow limited style tags to be
> available?

Depends on what you want to limit. Ideally, you want to avoid having to do full CSS syntax parsing.

> Can you point me to the relevant lines please? (Perhaps I could
> use a regexp to allow only style tags with height and width attributes?)

See mhtxthtml.pl.

--ewh
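
The idea raised in the thread, keeping only `width` and `height` from a `style` attribute without parsing full CSS, sketched as an added example (not code from the post and not MHonArc's own code from mhtxthtml.pl). The helper name `filter_style`, the accepted units and the sample inputs are assumptions made for illustration; the output is rebuilt from matched tokens, so no input text is ever passed through unchanged.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Properties allowed through; everything else is dropped (assumption: only
# image sizing needs to survive, as discussed in the thread).
my %ALLOWED = map { $_ => 1 } qw(width height);

# A plain length: 1-4 digits, optional short fraction, optional unit.
# No functions, no url(), no quotes, no backslash escapes, no comments.
my $LENGTH = qr/\d{1,4}(?:\.\d{1,2})?(?:px|em|pt|%)?/i;

# Hypothetical helper: take the raw value of a style="" attribute and
# return a rebuilt value holding only allowlisted declarations.
sub filter_style {
    my ($raw) = @_;
    return '' unless defined $raw;
    my (%seen, @keep);
    for my $decl (split /;/, $raw) {
        # The whole declaration must match; \A and \z keep trailing junk
        # (or an embedded newline) from slipping past the pattern.
        next unless $decl =~ /\A\s*([a-z-]+)\s*:\s*($LENGTH)\s*\z/i;
        my ($prop, $val) = (lc $1, lc $2);
        next unless $ALLOWED{$prop};
        next if $seen{$prop}++;          # first occurrence of a property wins
        push @keep, "$prop: $val";       # re-emit from captured tokens only
    }
    return join '; ', @keep;
}

# Constructed sample inputs (not taken from any real message).
my @samples = (
    'width: 120px; height: 80px',
    'WIDTH:50%;background:url(http://example.invalid/t.gif)',
    'width: expression(1+1)',
    'wid/**/th: 10px; height: 1\30 px',
    'height: 40px; position: fixed; top: 0',
);
printf "%-56s => '%s'\n", $_, filter_style($_) for @samples;
```

A declaration that fails the pattern is dropped rather than repaired, so an empty result means the `style` attribute should be omitted from the archived tag altogether.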
