If you could get it to work in a link, it would make for a good
exploit... "Click here to read the help file for this application."
Have that link to a malware-enabled website or something similar, and
you've got another unsuspecting user infected.
On the other hand, you could just create a link that /appears/ to be
pointing to a help:// url...
<.html>
<.head>
<.script language='javascript1.2'>
function loadWin(){
window.open('http://www.google.com/','Help for
[product]','resizable=yes,width=500,height=400, top=10, left=10');
}
<./script>
<./head>
<.body>
<.a href="javascript:loadWin()"
title="help://www.product.com/help">Read the help file</a>
<./body>
<./html>
I tried to make the statusbar reflect the apparent help:// url, but
couldn't remember how (despite a quick google).
While it's unlikely most users would even notice the help:// part,
those who do would simply assume it's some weird thing like ftp://...
they don't know what it does, but it apparently works.
--
[stlst]
Received on Jul 08 2004
Intro
