[thelist] Putting code into e-mail

Jeff Howden jeff at jeffhowden.com
Wed Jul 2 19:42:52 CDT 2003


scott,

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> From: Scott Brady
>
> Because I generally don't trust e-mail (nor do I trust
> strange web sites).  And, it's not just security issues
> with JS.  If I don't trust the e-mail, I don't open it,
> because it can be spam with web bugs in it.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

but you're equating security precautions for email to web content.  they're
far from the same thing.  the same kind of scripting that can execute in
one, cannot in another (unless you explicitly change the settings to match).

if it's webbugs you're concerned about in web-based email, disable images
before reading email.

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> So, when I'm opening any e-mail, if I don't know the
> source, I delete it.  [on a non-webmail system, I
> right-click it and look at the headers to make sure
> first].
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

how do you know you're not deleting a contact from a potential client?

><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
> Since I inherently trust e-mail from [thelist], I tend
> to not be concerned as much.
><><><><><><><><><><><><><><><><><><><><><><><><><><><><><

i'd like to know why things like the following code snippet aren't being
escaped in plain-text email so they don't get treated as html in a non-html
email.

<script>
  window.opener = self;
  window.close();
</script>

.jeff

——————————————————————————————————————————————————————
Jeff Howden - Web Application Specialist
Résumé - http://jeffhowden.com/about/resume/
Code Library - http://evolt.jeffhowden.com/jeff/code/




More information about the thelist mailing list