Subject: RE: data protocol: was RE: [xsl] node-setting() escaped text From: Américo Albuquerque <aalbuquerque@xxxxxxxxxxxxxxxx> Date: Thu, 13 Feb 2003 14:58:23 -0000 |
Hi Bryan You can do something like that in IE. Try: about:<html code> try writing this in a html page :) Link: <a href="about:<p><b>Teste</b></p>" target=_new>Click here</a>.<br> Link: <a href="about:<b>hello</b><br/><p onclick=javascript:window.open('http://www.xml.com')>hello</p>" target=_new>Click here</a>.<br> Link: <a href="about:<script>location.href='http://www.xml.com';</script>" target=_new>Click here</a> -----Original Message----- From: owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx [mailto:owner-xsl-list@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of bryan Sent: Thursday, February 13, 2003 2:22 PM To: xsl-list@xxxxxxxxxxxxxxxxxxxxxx Subject: data protocol: was RE: [xsl] node-setting() escaped text >data:text/html,<b>hello</b> >into netscape's location bar) why do I think this is a security problem? Hmm data:text/html,<b>hello</b><br/><p onclick="javascript:window.open('http://www.xml.com')">hello</p> anyway it's interesting that it wasn't done as an app, asynchronous pluggable protocol, if it were then one could launch mozilla from within IE by calling the protocol, on the other hand as it wasn't this opens the way up for an ie implementation. In fact it wouldn't be difficult at all, of course as ie has enough security bugs... XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list XSL-List info and archive: http://www.mulberrytech.com/xsl/xsl-list
Current Thread |
---|
|
<- Previous | Index | Next -> |
---|---|---|
data protocol: was RE: [xsl] node-s, bryan | Thread | RE: data protocol: was RE: [xsl] no, bryan |
Re: [xsl] Sub: returning unique no, Agnes Kielen | Date | RE: data protocol: was RE: [xsl] no, bryan |
Month |