:)
Printable View
:)
You are asking to open a security hole, right ???
Both, or just one?Quote:
Originally posted by Wynd
Re: Please make it so we can attach .html and .html files
Anyway, just c&p the HTML to a text file, and away you go.
Rjlohan, that should be .htm and .html files. TT, I don't want to open a security hole, I just don't think I should have to rename .htm* files to .asp just to be able to attach them. How would having that create a security hole anyway?
Suppose a person with a malicious intent attaches a html file(loaded with javascript stuff) and you click to open it.Quote:
Originally posted by Wynd
How would having that create a security hole anyway?
the url of the file would be something like....
http://www.vbforums.com/attachment.php?s=&postid=######
the browser will see this as a page belonging to the domain
www.vbforums.com. The script can then read your vbforums cookies, password information and secretly make a request (such as downloading an image) to the perpetrator's site pushing the stolen info with the querystring . The perpetrator can then create a cookie with this info in his computer and can impersonate you.