RE: data protocol: was RE: [xsl] node-setting() escaped text

Subject: RE: data protocol: was RE: [xsl] node-setting() escaped text
From: Américo Albuquerque <aalbuquerque@xxxxxxxxxxxxxxxx>
Date: Thu, 13 Feb 2003 14:58:23 -0000
Hi Bryan
You can do something like that in IE.
Try:
about:<html code>

try writing this in a html page :)

 Link: <a href="about:<p><b>Teste</b></p>" target=_new>Click
here</a>.<br>
 Link: <a href="about:<b>hello</b><br/><p
onclick=javascript:window.open('http://www.xml.com')>hello</p>"
target=_new>Click here</a>.<br>
 Link: <a
href="about:<script>location.href='http://www.xml.com';</script>"
target=_new>Click here</a>


-----Original Message-----
From: owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx
[mailto:owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of bryan
Sent: Thursday, February 13, 2003 2:22 PM
To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx
Subject: data protocol: was RE: [xsl] node-setting() escaped text


>data:text/html,<b>hello</b>
>into netscape's location bar)

why do I think this is a security problem? Hmm 
data:text/html,<b>hello</b><br/><p
onclick="javascript:window.open('http://www.xml.com')">hello</p>

anyway it's interesting that it wasn't done as an app, asynchronous
pluggable protocol, if it were then one could launch mozilla from within
IE by calling the protocol, on the other hand as it wasn't this opens
the way up for an ie implementation. In fact it wouldn't be difficult at
all, of course as ie has enough security bugs...



 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


 XSL-List info and archive:  http://www.mulberrytech.com/xsl/xsl-list


Current Thread