[rt-devel] text/html -> text/plain cleverness.

J. Sloan js138 at eng.cam.ac.uk
Fri Feb 28 12:10:44 EST 2003


On Fri, 28 Feb 2003, Jesse Vincent wrote:

> So, the reason that change is there is to stop a cross-site scripting
> attack. What advantages do you have displaying a message/rfc822 as
> text/plain?

The same - a message/rfc822 message with text/html attachments bypasses
the simple text/html check and displays as HTML (in Mozilla certainly).

We have a queue for people to forward us spam (to aid filter tweaking) in
which we see quite a few of these.

John
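
The bypass described in this message, as an added example that is not part of the original post and is not RT's code: a Python sketch comparing a check that looks only at an attachment's own declared type with one that also looks inside message/rfc822 wrappers. The function names, the `RISKY` list and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.message import Message

# Types a browser renders as active content (assumed list for this example).
RISKY = {"text/html", "application/xhtml+xml"}

def naive_display_type(part: Message) -> str:
    """The simple check: looks only at the part's own declared type."""
    ctype = part.get_content_type()
    return "text/plain" if ctype in RISKY else ctype

def safe_display_type(part: Message) -> str:
    """Serve as text/plain if a risky type appears at any nesting depth."""
    # walk() yields the part itself, then descends into multipart/* and
    # message/rfc822 payloads, so wrapped HTML is seen too.
    if any(p.get_content_type() in RISKY for p in part.walk()):
        return "text/plain"
    return part.get_content_type()

def audit(raw: str):
    """(declared, naive, safe) for each top-level part of a raw message."""
    msg = message_from_string(raw)
    parts = msg.get_payload() if msg.is_multipart() else [msg]
    return [(p.get_content_type(), naive_display_type(p),
             safe_display_type(p)) for p in parts]

# Constructed sample: a forwarded message whose wrapped original is HTML.
SAMPLE = """\
From: reporter@example.org
Subject: Fwd: spam
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain

Forwarding this for the filters.
--outer
Content-Type: message/rfc822

From: sender@example.net
Subject: offer
Content-Type: text/html

<html><body><b>Buy now</b></body></html>
--outer--
"""

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The second row of the output is the case from this thread: the naive check leaves the attachment as message/rfc822, while the recursive check downgrades it to text/plain.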



