Re: [Evolution-hackers] Security Bug in HTML

From: guenther <guenther rudersport de>
To: Rodney Dawes <dobey ximian com>
Cc: Iñigo Serna <inigoserna terra es>, evolution-hackers ximian com
Subject: Re: [Evolution-hackers] Security Bug in HTML
Date: Sun, 11 Jan 2004 19:10:48 +0100

On Sun, 2004-01-11 at 19:05, Rodney Dawes wrote:
> On Die , 2004-01-11 at 12:56, guenther wrote:
> > I really dunno, what standard breaking you are referring to.
> 
> > (Evolution must *not* change the clear text value between the opening
> > and closing Anchor tag in any way to display the href value. ;-)
> 
> This is what I was referring to being broken. It was suggested that
> GtkHTML should do this.

Oh, in this case:  Full ack.

As I tried to explain with the differences between the rendered HTML
mail in question and the IE security bug.

...guenther


-- 
char *t="\10pse\0r\0dtu\0  ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

References:
- [Evolution-hackers] Security Bug in HTML
  - From: Iñigo Serna
- Re: [Evolution-hackers] Security Bug in HTML
  - From: guenther
- Re: [Evolution-hackers] Security Bug in HTML
  - From: Rodney Dawes
- Re: [Evolution-hackers] Security Bug in HTML
  - From: guenther
- Re: [Evolution-hackers] Security Bug in HTML
  - From: Rodney Dawes

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]