[thelist] Putting code into e-mail

Scott Brady evolt at scottbrady.net
Wed Jul 2 19:14:50 CDT 2003


----- Original Message ----- 
From: "Jeff Howden" <jeff at jeffhowden.com>

> what's the reasoning for that?  yes, the content originated as an email,
but
> you're viewing it as a webpage which means the scripting must adhere to
> whichever security zone/level you have set for that site, unlike email
which
> can execute the script in the local zone (unless explicitly set to
> restricted, the recommended practice), a zone almost devoid of
restrictions.

Because I generally don't trust e-mail (nor do I trust strange web sites).
And, it's not just security issues with JS.  If I don't trust the e-mail, I
don't open it, because it can be spam with web bugs in it.

So, when I'm opening any e-mail, if I don't know the source, I delete it.
[on a non-webmail system, I right-click it and look at the headers to make
sure first].  Since I inherently trust e-mail from [thelist], I tend to not
be concerned as much.

Unless someone puts "document.p rint();" in it :)

Scott

-------------------------------------------
Scott Brady
http://www.scottbrady.net




More information about the thelist mailing list