Re: [Evolution-hackers] Security Bug in HTML

[guenther <guenther rudersport de>]

On Sun, 2004-01-11 at 22:01, Lonnie Borntreger wrote:
> Sent this to the wrong email list.  Sorry.
> 
> On Sun, 2004-01-11 at 09:56, guenther wrote:
> > On Sun, 2004-01-11 at 18:44, Rodney Dawes wrote:
> > > However, breaking a standard
> > > in order to waste a bunch of space on an HTML page so the full url can
> > > be displayed in the HTML renderer, is silly.
> > 
> > I really dunno, what standard breaking you are referring to.
> 
> Unless I'm still misunderstanding, he said in his followup that he was
> talking about the link as shown in the BODY, not the status bar.  That
> should follow standard HTML rules and only show the text between the <a
> ....> and the </a>, NOT the actual link.  To actually show the href
> value in the BODY would not be following the HTML standard.

Yep, this is what I understood from Rodneys last mail, too. And we where
perfectly agreeing. ;-)  I just failed to get him in the first place.

However, as long as I got Iñigo straight, he was speaking about the fake
link (which is the href value) to show a misleading target URL. (Which
in fact is the only way to go, following HTML, as this value is no
hyperlink, but a string, which may contain something looking like an
URL.)

...guenther


-- 
char *t="\10pse\0r\0dtu\0  ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}