Olaf Titz wrote: > > In article <37DCF0FE.908E4B4Fat_private> you write: > > Note: This is not a browser problem, it is Hotmail's problem. > > It is a browser problem, at least for the Netscape version. I continue to think this is NOT a browser problem. In both Netscape and Internet Explorer the behaviour of executing JavaScript via STYLE tag is fully documented, check the documentation. The fact that Hotmail does not filter this kind of JavaScript is a Hotmail's problem. > > > <P STYLE="left:expression(eval('alert(\'JavaScript is > > executed\');window.close()'))" > > > One could argue that styles can be computed via Javascript... > This definitely works, I have tried it numerous times. The same may be reproduced by: <A HREF="#" STYLE="left:(expression(...))">link</A> and in many other cases. > > <STYLE TYPE="text/javascript"> > > ...but that is ridiculous. The browser should simply ignore a > stylesheet of an unknown type, there is a reason for the type > parameter after all. (Unless it is a deliberate feature that you can > substitute STYLE for SCRIPT, which I somehow doubt.) > Again, this behaviour is fully documented in Netscape's documentation. Regards, Georgi
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:03:56 PDT