Please make it so we can attach .html and .html files

Printable View

Feb 5th, 2002, 06:37 PM
Wynd

Please make it so we can attach .html and .html files

:)
Feb 6th, 2002, 01:33 AM
thinktank2

You are asking to open a security hole, right ???
Feb 6th, 2002, 05:56 AM
rjlohan

Re: Please make it so we can attach .html and .html files

Quote:

Originally posted by Wynd
Re: Please make it so we can attach .html and .html files

Both, or just one?

Anyway, just c&p the HTML to a text file, and away you go.
Feb 6th, 2002, 07:18 PM
Wynd

Rjlohan, that should be .htm and .html files. TT, I don't want to open a security hole, I just don't think I should have to rename .htm* files to .asp just to be able to attach them. How would having that create a security hole anyway?
Feb 7th, 2002, 12:38 PM
thinktank2

Quote:

Originally posted by Wynd
How would having that create a security hole anyway?

Suppose a person with a malicious intent attaches a html file(loaded with javascript stuff) and you click to open it.

the url of the file would be something like....

http://www.vbforums.com/attachment.php?s=&postid=######

the browser will see this as a page belonging to the domain
www.vbforums.com. The script can then read your vbforums cookies, password information and secretly make a request (such as downloading an image) to the perpetrator's site pushing the stolen info with the querystring . The perpetrator can then create a cookie with this info in his computer and can impersonate you.