mailing list archives
From: Thomas Roeder <troeder () gmx-ag de>
Date: Tue, 12 Jun 2001 15:18:29 +0200
rudi carell < rudicarell () hotmail com > wrote:
like many other web-mail systems gmx.net has a problem filtering
java-script in html-based mail-messages.
the html - <img> tag can be used to embedd malicious java-scripts
thanks for letting us know. A workaround will go online in the next
minutes. I would like to add that we display HTML-based message
content in a special security window (called "Volldarstellung" = full
display mode) which doesn't contain the session ID of the logged in
user. Therefor it shouldn't be possible to compromise the users
account on our system by such tricks.
I agree though that it would be possible to open a relogin-trojan
which could be confusing to users with less security awareness. That's
the reason why we normally try to supress scripting code. That one
passed by us though ...
Greetings from Munich,
GMX AG, Product Management
- gmx.net rudi carell (Jun 11)
- <Possible follow-ups>
- Re: gmx.net Thomas Roeder (Jun 12)