Just paste it in a page. It means that a URL can be camouflaged, for example, using this plain simple JavaScript function, bypassing the pretended filter. Fortunately my concerns are that our users have a simple aid to not break the rule of not linking to external images. (This type of code would be a misuse, and certainly liable to prosecution.)

Ausum

Paul Winkler wrote:
Oliver Bleutgen wrote:
Just be careful Ausum, you might end in a world of pain if your users get ambitious:
<div onMouseover="document.write(unescape('%3c%69%6d%67%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%77%77%77%2e%7a%6f%70%65%2e%6f%72%67%2f%49%6d%61%67%65%73%2f%7a%6f%70%65%6c%6f%67%6f%2e%67%69%66%22%3e'))"> touch me </div>
What the heck does that do?
--
paul winkler
custom calendars & printing: http://www.calendargalaxy.com
A member of ARMS: http://www.reacharms.com
home page: http://www.slinkp.com
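What the snippet in this thread hides, and a server-side check that would flag it, as an added example that is not part of the original messages. `ALLOWED_IMAGE_HOSTS`, `MarkupAudit` and `audit` are hypothetical names, and Python's `unquote` stands in for JavaScript's `unescape`, which gives the same result for this ASCII `%xx` input.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlparse

ALLOWED_IMAGE_HOSTS = {"example.org"}  # assumption: hosts the site permits

# Constructed sample: the thread's snippet, with the payload re-encoded here
# character by character the same way the posted one is.
HIDDEN = '<img src="http://www.zope.org/Images/zopelogo.gif">'
ENCODED = "".join(f"%{ord(c):02x}" for c in HIDDEN)
SAMPLE = ('<div onMouseover="document.write(unescape(\'' + ENCODED +
          '\'))"> touch me </div>')


class MarkupAudit(HTMLParser):
    """Collect reasons to reject a piece of user-submitted markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append(("script-element", tag))
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                # An inline handler can write markup at runtime, so a filter
                # that only looks at static <img> tags never sees the result.
                self.findings.append(("event-handler", f"{tag} {name}"))
                decoded = unquote(value)
                if decoded != value:  # percent-escapes were hiding something
                    self.findings.append(("decoded-payload", decoded))
                    self.findings.extend(audit(decoded))
            elif name in ("src", "href"):
                url = urlparse(value.strip())
                if url.scheme.lower() == "javascript":
                    self.findings.append(("script-url", value))
                elif (tag == "img" and url.netloc
                      and url.hostname not in ALLOWED_IMAGE_HOSTS):
                    self.findings.append(("external-image", value))


def audit(markup):
    """Return a list of (kind, detail) findings; empty means nothing flagged."""
    parser = MarkupAudit()
    parser.feed(markup)
    parser.close()
    return parser.findings
```

Running `audit(SAMPLE)` reports the `onmouseover` handler, the decoded `document.write` argument, and the external image it would have written into the page.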