[linux-elitists] educational HTML mail needed

Heather star@betelgeuse.starshine.org
Wed Jul 19 00:38:49 PDT 2000


> 
> Can someone point me towards a particularly nasty piece of HTML? I'm
> on a mailing list apparently incredulous to the security issues with
> HTML rendering enabled as default.
> 
> If you could send me a little HTML nastygram which I can bounce on
> unchanged, that would be much appreciated. The more mailers/platforms
> it can take out, the better.

Well, there's always the NOTscape optimized site, which abuses some bugs in
NS' image parsing algorithms to make sites unusable and/or crash Netscape.
Depending on your local security policy, crashes engineered by outsiders
might be a violation.

JavaScript can often abuse interesting things.  Take a look at a JavaScript
archive site (www.developer.com ought to do) and see if any of the huge pile 
of offered scripts screams "privacy violation" at you.  Bet at least one does.

Don't even get me *started* on ActiveX violations sparked via an HTML 
mechanism.  Go directly to crackmonkey, do not pass "go", do not get to
litigate for damages re: your eaten data.

I feel fairly confident in letting lynx render my stuff, otoh I keep a tight
leash on metamail.  But lynx doesn't speak active foo.  

* Heather * IX. For every vengeance there is an equal and opposite revengeance.
		-- Esquire, "O'Donnell's Laws of Cartoon Motion", June 1980



