Bugtraq mailing list archives
Re: Malicious-HTML vulnerabilities at deja.com
From: dan-bugtraq () DILVISH SPEED NET (Dan Harkless)
Date: Mon, 20 Mar 2000 12:16:25 -0800
Geert Altena <geert () uttnarag tn utwente nl> writes:
http://www.deja.com/getdoc.xp?AN=591804116

Comes out as (copy/paste from netscape):

------------
Forum: alt.test
Thread: </title><script src="http://www.in-design.com/~nsmart/foo.js"></script><body onLoad="return bar()">
Message 1 of 1
Subject: </title><script src="http://www.in-design.com/~nsmart/foo.js"> </script><body onLoad="return bar()">
Date: 03/01/2000
Author: regkey <regkey () yahoo com>
--------------

I have javascript enabled, no popup.
Perhaps they fixed the default viewing format, but they didn't fix the "Deja Classic" interface, which is what I use (as I can't stand the new design). Try:

http://www.deja.com/=dnc/getdoc.xp?AN=591804116

At least with Netscape Communicator 4.7 (on NT) that definitely makes a popup. Didn't try the redirection one:
Redirection using meta tag: http://www.deja.com/getdoc.xp?AN=591833344
but I suspect the same is true there.

----------------------------------------------------------------------
Dan Harkless                     | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net | do not mention this private email
SpeedGate Communications, Inc.   | address in Usenet posts. Thank you.
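The message above reports that one view of an article was fixed while the "Deja Classic" view still rendered the header markup. The following is an added example, not code from the post or from deja.com: it encodes header values once, ahead of every template, so no view can be missed. The two templates, the function names and the sample host are assumptions made for illustration.

```python
import html
from string import Template

# Two hypothetical templates standing in for the default and "classic" views.
VIEWS = {
    "default": Template(
        "<html><head><title>$thread</title></head>"
        "<body><h1>$subject</h1><p>Author: $author</p></body></html>"
    ),
    "classic": Template(
        "<html><head><title>Thread: $thread</title></head>"
        "<body><b>Subject:</b> $subject<br><b>Author:</b> $author</body></html>"
    ),
}

# Constructed sample modelled on the Subject quoted in the post (placeholder host).
MARKUP = ('</title><script src="http://example.invalid/foo.js"></script>'
          '<body onLoad="return bar()">')
SAMPLE = {
    "thread": MARKUP,
    "subject": MARKUP,
    "author": "regkey <regkey@example.invalid>",
}


def render_unescaped(view, headers):
    """Flawed pattern: header text is pasted into the page as-is."""
    return VIEWS[view].substitute(headers)


def render_escaped(view, headers):
    """Encode every header value once, before any template sees it."""
    safe = {name: html.escape(value, quote=True)
            for name, value in headers.items()}
    return VIEWS[view].substitute(safe)


def contains_live_markup(page):
    """True if tags supplied in the headers survived into the rendered page."""
    lowered = page.lower()
    return "<script" in lowered or "<body onload" in lowered


if __name__ == "__main__":
    for name in VIEWS:
        print(name, "unescaped:", contains_live_markup(render_unescaped(name, SAMPLE)),
              "escaped:", contains_live_markup(render_escaped(name, SAMPLE)))
```

Running the same check against every view in `VIEWS` is what catches the case described in the post, where only one rendering path was corrected.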