mailing list archives
From: Adam Lydick <lydickaw () ruffledpenguin org>
Date: Fri, 14 May 2004 19:20:09 -0700
I certainly agree with that. It is mostly significant because that
misfeature can be removed without violating explicit standards. I
believe a recent update to internet explorer does remove this capability
from http links.
On Fri, 2004-05-14 at 12:05 +0100, Griffiths, Ian wrote:
I wasn't aware of this Adam.
It is certainly supported in enough browser to be significant.
From: Adam Lydick [mailto:lydickaw () ruffledpenguin org]
Sent: Fri 14/05/2004 05:55
To: Griffiths, Ian
Cc: webappsec () securityfocus com
Subject: RE: Phishing
while the generic description of URLs in an
earlier RFC allows for "user@", the use of it is on a
protocol-by-protocol basis and HTTP urls do not permit its use.)
- Re: Phishing, (continued)