[dev] Re: [cvs] commit: imp/lib/MIME/Viewer html.php
Jan Schneider
jan at horde.org
Wed Nov 26 15:22:30 PST 2003
Zitat von Michael M Slusarz <slusarz at bigworm.colorado.edu>:
> slusarz 2003/11/26 15:09:57 PST
>
> Modified files:
> lib/MIME/Viewer html.php
> Log:
> Comment out style tags only if we are viewing inline.
> Add link to view content in a separate window if viewing inline to
> allow HTML
> content to be seen with the provided CSS formatting.
I thought about exactly the same an hour ago. :-)
But I remembered JSSS from the good old NS 4 days, a way to define style
sheets with JavaScript syntax. I can't remember if that implied any
security issues (at least it sounds like so) but perhaps it's worth a check
if that might be reason to *always* filter out style tags.
Jan.
--
http://www.horde.org - The Horde Project
http://www.ammma.de - discover your knowledge
http://www.tip4all.de - Deine private Tippgemeinschaft
More information about the dev
mailing list