Re: [Evolution-hackers] Security Bug in HTML

[guenther <guenther rudersport de>]

> > Evolution must display the href value in the statusbar while the mouse
> > is over the link. Evolution either must display this value unaltered
> > (easy) or decode it correctly to display the real target URL (harder, as
> > this may depend on some browser logic). Evolution must pass the string
> > as-is, unaltered in any way to the browser.
> 
> What I really wonder is if Evolution 1.5.1 will be able to decode your signature:
> char *t="\10pse\0r\0dtu\0  ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
> main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
> (c=*++x); c&128 &&(s+=h);if(!(h>>=1)||!t[s+h]){putchar(t[s]);h=m;s=0;}}}
> 
> to your email ...

Likely not -- as Evolution fortunately does not interpret any language
or active content in mails. ;-)

btw: Compiling this code and seeing the boring output is just the first
step. Try to understand it and name the standard algorithm that those
two lines of C code implement... ;-))

...guenther


-- 
char *t="\10pse\0r\0dtu\0  ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}