Results 1 to 3 of 3

Thread: URL parsing

  1. Aug 20th, 2001, 01:51 PM #1
    filburt1
    filburt1 is offline

    Thread Starter
    Member filburt1's Avatar
    Join Date
    Aug 1999
    Posts
    6,935

    URL parsing



    Even when manually putting in the [url] tag, it still rewrites about:mozilla to use http://.
    TurtleTips.com | My Forums
    Reply With Quote Reply With Quote
  2. Aug 20th, 2001, 04:04 PM #2
    thinktank
    thinktank is offline
    Lively Member
    Join Date
    Jun 2001
    Location
    Banana Republic
    Posts
    115

    Re: URL parsing

    That's just a IE specific security issue - to prevent running malicious script.

    IE has a habit of dumping anything after the 'about:' prompt in to the document as if like a document.write action. So a malicious scripter can ruin your patience.

    Code:
    Without that spacing between about and :
 [url ]about:<body onload=%22while(true){alert('hi moron!')}%22></body>[/url]

will be converted to 
<a href="about:<body onload=%22while(true){alert('hi moron!')}%22></body>">Click me</a>

and that is going to be a pain for the unwary clicker.
    To see what I mean
    Download the attached page(change the extension and open it in IE).
    Attached Files Attached Files
    Last edited by thinktank; Aug 20th, 2001 at 04:13 PM.
    Reply With Quote Reply With Quote
  3. Aug 20th, 2001, 04:06 PM #3
    filburt1
    filburt1 is offline

    Thread Starter
    Member filburt1's Avatar
    Join Date
    Aug 1999
    Posts
    6,935
    Hmm, that would be a bad thing to run.
    TurtleTips.com | My Forums
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


Click Here to Expand Forum to Full Width