internet explorer view-source url

From: John C. Hennessy (johnhat_private)
Date: Mon Jun 10 2002 - 05:43:19 PDT

  • Next message: Kayne Ian (Softlab): "RE: Phone Switches + telephone banking etc"

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Perhaps its just me but I see this as a potential problem. From what I can
    tell all versions of internet explorer 4 and above allow view-source urls.
    
    view-source:http://www.news.com
    
    This opens notepad or your default html editor with the source of the main
    page for news.com or any other site or page you specify.
    Here's another one.
    
    view-source:file:///boot.ini
    
    This opens notepad or your default html editor to the local boot.ini, if it
    exists. This could potentialy be embeded into various html tags causing the
    instance of notepad or other editor to be opened automaticlly. If the file
    specified does not exit notepad will ask to create it. If someone isn't
    paying attention they could hit enter and create the specified file.
    
    
    John C. Hennessy
    Information security analyst
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
    
    iQA/AwUBPQSe5jfHYhhTZOYaEQImbwCfeXftE2boNT8Zt609MxX+V8kwoP0AnjeF
    zvc36IlY5wxrclj6ok8yKsw1
    =7apz
    -----END PGP SIGNATURE-----
    



    This archive was generated by hypermail 2b30 : Mon Jun 10 2002 - 10:48:59 PDT