I'm guessing you may have been referring to something like:
http://kestas.kuliukas.com/JavaScriptImage/ - this actually does seem
to be a valid threat to IE6 and would go undetected by the measures
proposed. Checking an image for <script> tags seems to the only way to
check if IE6 will render it as html and whether or not it will cause

I don't know if the same vulnerability exists for pdfs - you'd have to
check security sources for it.


WWW: http://plphp.dk / http://plind.dk
LinkedIn: http://www.linkedin.com/in/plind
BeWelcome/Couchsurfing: Fake51
Twitter: http://twitter.com/kafe15

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to