Re: XSS on Yahoo Mail
alireza hassani wrote:
>--- Will Wesley <willwesleyccna@xxxxxxxx> wrote:
>
>
>>Anyway, a solution is really quite simple.
>>Allow users to disable HTML in their email, or why
>>
>>
>not by >default?
>
>Don't you think this is not a real solution?
>User must be safe to use any option and also full
>performances.
>
>
This HTML stuff should be allowed, but controlled - similar to on blogs.
Unfortunately I have found very bad hole in the compose mail section of
yahoo when HTML is on, but that just means that they should filter
better for HTML features.
>Alireza Hassani (http://www.kapda.ir)
>
>
>
>
>__________________________________
>Yahoo! Music Unlimited
>Access over 1 million songs. Try it free.
>http://music.yahoo.com/unlimited/
>
>
>
>
--
Best Regards,
Lance James
Secure Science Corporation
www.securescience.net
Author of 'Phishing Exposed'
http://www.securescience.net/amazon/
Find out how malware is affecting your company: Get a DIA account today!
https://slam.securescience.com/signup.cgi - it's free!