anomy-bugs

• Previous message: Martijn de Vries: "content-id in multipart/related messages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Anomy defangs the <style> and </style> tags. However, this leaves all
the style text in between exposed and it renders on the user's screen.
This can lead to a denial of service or possible a way for other
malicious tags to sneak by (I have not tested this hypothesis yet since
it is not the reason for my email).

My question is: Is there any harm in letting the style tags through
untouched? Is there a way to encode something malicious in the style
section? Other than simple annoyances like same color text and
background? Viruses? Exploits?

• Next message: Kees Cook: "two patches"
• Previous message: Martijn de Vries: "content-id in multipart/related messages"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]