[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev lynx 2.8.x - 'special URLs' anti-spoofing protection is

From: Leonid Pauzner
Subject: Re: lynx-dev lynx 2.8.x - 'special URLs' anti-spoofing protection is weak
Date: Mon, 22 Nov 1999 19:32:46 +0300 (MSK)

22-Nov-99 08:46 Klaus Weide wrote:
> Have a look at this...

>  <>
    !                                                         !^^^^^^^^
BTW, mail->html converter hosted at will not convert such URL
properly: anchor address/text are between ! and ! but the rest path
happen to be outside of <a>...</a>, see source below:

<!-- X-URL: -->
Have a look at this...


> That guy likes finding problems in lynx and not telling lynx-dev a word
> about it.
He was afraid posting to lynx-dev not being subscribed to the list.
Should we correct the text to avoid such [mis]understanding?

> Anyway, another reason for mistrusting the Farms Based Options.

Well, seems we need LYNXOPTIONS: page done without temp files but via
HTStreamStack(). Would this solve all the security issues in this area?
If yes - I could provide a patch (LYNXMESSAGES: was the recent example).

BTW, recently implemented tree-view at VisitedLinks page have an options
subpage _without_ any hidden security field and seems submitted OK.
Is it correct or am I misunderstand something (no code handy)?

> Old-style options do not have an 'anti-spoofing' problem.

>    Klaus

reply via email to

[Prev in Thread] Current Thread [Next in Thread]