Allow ..... Tags = disarm
Kevin Spicer
kevins at BMRB.CO.UK
Wed Nov 5 15:40:00 GMT 2003
On Wed, 2003-11-05 at 15:07, Furnish, Trever G wrote:
>What's the point of disarming input tags when form tags are taken out?
>An input without a form does nothing.
>Changing the type of buttons seems like a very bad idea to me - I can
>easily
>imagine a lot of confusion resulting and it doesn't seem like a useful
>change.
I can easily imagine a lot of confusion when users click 'Submit' and
nothing happens because the form tags disappear. Are there really
legitimate reasons for sending forms by email? (By legitimate I mean
reasons why people would actually want to recieve a form in an email?)
Scripts of any kind in email are a bad thing, Its pretty trivial to
write javascript (or VB script probably) which attaches itself to an
object (say a button or hyperlink) without including an on.... event in
the tag. Ideally we should remove all on..... attributes from all tags
and disarm all script tags - but maybe this is getting too much?
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
More information about the MailScanner
mailing list