Please make it so we can attach .html and .html files

**Wynd** · Feb 5th, 2002, 06:37 PM

**thinktank2** · Feb 6th, 2002, 01:33 AM

You are asking to open a security hole, right ???

**rjlohan** · Feb 6th, 2002, 05:56 AM

Originally posted by Wynd
Re: Please make it so we can attach .html and .html files

Both, or just one?

Anyway, just c&p the HTML to a text file, and away you go.

**Wynd** · Feb 6th, 2002, 07:18 PM

Rjlohan, that should be .htm and .html files. TT, I don't want to open a security hole, I just don't think I should have to rename .htm* files to .asp just to be able to attach them. How would having that create a security hole anyway?

**thinktank2** · Feb 7th, 2002, 12:38 PM

Originally posted by Wynd
How would having that create a security hole anyway?

Suppose a person with a malicious intent attaches a html file(loaded with javascript stuff) and you click to open it.

the url of the file would be something like....

http://www.vbforums.com/attachment.php?s=&postid=######

the browser will see this as a page belonging to the domain
www.vbforums.com. The script can then read your vbforums cookies, password information and secretly make a request (such as downloading an image) to the perpetrator's site pushing the stolen info with the querystring . The perpetrator can then create a cookie with this info in his computer and can impersonate you.

Thread: Please make it so we can attach .html and .html files

Thread Tools

Display

Please make it so we can attach .html and .html files

Re: Please make it so we can attach .html and .html files

Posting Permissions