Thus spake Brendan Eich:
> Not only are mailto: and news: URL methods verboten for form.submit()
> auto-submission via JavaScript, but Netscape 3.0 puts up a confirming
> dialog whenever a mailto: post-method form is submitted -- even without
> JavaScript, an HTML form could claim it was doing something benign when
> it was really sending mail. Users were one click away from losing their
> email addresses already.
Also, it was possible to get someone's email address up until 3.0 via
other means. If one were to include an inline image with the URL:
ftp://ftp.com.net/my.gif, the browser would send the email address as
part of the FTP login, which could then be retrieved from the logs.
Atlas has a button to disable sending email address as password for
anonymous FTP. Do MSIE or Mosaic or Lynx or ...?
Mike
--
#> Mike Shaver (shaver @
ingenia .
com) Information Warfare Division <#
#> Chief Tactical and Strategic Officer "Saepe fidelis" <#
#> <#
#> "I like your game, but we have to change the rules." -- Anon <#
#> <#
References:
|
|
