[Esd-l] Fwd: Notepad popups in Internet Explorer and Outlook

John D. Hardin jhardin at impsec.org
Wed Aug 6 05:30:34 PDT 2003

On Wed, 6 Aug 2003, Marcus Williams wrote:

> On Wednesday, August 6, 2003, at 10:22, you wrote:
> > The link mentioned above is dead.
> Works fine here (via mozilla with no popups obviously).

Here, too.

> Works for me (IE6). Apparently works in an HTML email as well.

Their example for an automatic popup - an IMG tag with the source a
view-source URL - *will* be defanged by the sanitizer if you have
webbug defanging enabled, as would a bgsound or background image tag.

Regular links will not be defanged, but the recipient would have to
actually click on the link to open the file. hey would not open

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  ...the Fates notice those who buy chainsaws...
                                              -- www.darwinawards.com
   88 days until Matrix Revolutions

More information about the esd-l mailing list