Allow ..... Tags = disarm

Julian Field mailscanner at ecs.soton.ac.uk
Wed Nov 5 16:00:18 GMT 2003


At 15:40 05/11/2003, you wrote:
>On Wed, 2003-11-05 at 15:07, Furnish, Trever G wrote:
>
> >What's the point of disarming input tags when form tags are taken out?
> >An input without a form does nothing.
>
> >Changing the type of buttons seems like a very bad idea to me - I can
> >easily imagine a lot of confusion resulting and it doesn't seem like a
> >useful change.
>
>I can easily imagine a lot of confusion when users click 'Submit' and
>nothing happens because the form tags disappear.  Are there really
>legitimate reasons for sending forms by email?  (By legitimate I mean
>reasons why people would actually want to receive a form in an email?)

In which case set it to no instead of disarm.

>Scripts of any kind in email are a bad thing. It's pretty trivial to
>write javascript (or VB script probably) which attaches itself to an
>object (say a button or hyperlink) without including an on.... event in
>the tag.  Ideally we should remove all on..... attributes from all tags
>and disarm all script tags - but maybe this is getting too much?

I don't like dictating how people run their systems. I could write a
general-purpose disarmer as someone suggested, but it would be slow due to
the way HTML::Parser works (it would be a function call for all the tags in
all the messages in all the bars in all the world) (Apologies for abusing
Humphrey Bogart :-)





>BMRB International
>http://www.bmrb.co.uk
>+44 (0)20 8566 5000

--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
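
The general-purpose disarmer idea discussed in this message, as an added example (not MailScanner's code and not part of the original post). It uses HTML::Parser's per-tag start handler, which is the per-tag function call the reply refers to; the tag list and the `x-disarmed-` prefix are assumptions made for illustration.

```perl
# Added example: not MailScanner code. Tag list and prefix are assumptions.
use strict;
use warnings;
use HTML::Parser ();
use HTML::Entities qw(encode_entities);

my %disarm = map { $_ => 1 } qw(form input script);   # assumed policy

sub disarm_html {
    my ($html) = @_;
    my ($out, $in_script) = ('', 0);
    my $rename = sub {
        (my $t = shift) =~ s{/+$}{};   # a trailing "/" can end up in the name
        return $disarm{$t} ? "x-disarmed-$t" : $t;   # hypothetical prefix
    };
    # Called once per start tag: the per-tag cost mentioned in the reply.
    my $start = sub {
        my ($tag, $attr, $attrseq) = @_;
        $in_script = 1 if $tag =~ m{^script/*$};
        $out .= '<' . $rename->($tag);
        for my $name (@$attrseq) {
            next if $name =~ /^on/i;           # onclick, onload, onerror, ...
            next unless $name =~ /^[\w:-]+$/;  # skip stray "/" and junk names
            $out .= sprintf ' %s="%s"', $name,
                encode_entities($attr->{$name}, '<>&"');
        }
        $out .= '>';
    };
    my $end = sub {
        my ($tag) = @_;
        $in_script = 0 if $tag eq 'script';
        $out .= '</' . $rename->($tag) . '>';
    };
    # A renamed <script> no longer hides its body, so emit it as inert text.
    my $text = sub { $out .= $in_script ? encode_entities($_[0], '<>&') : $_[0] };
    my $p = HTML::Parser->new(
        api_version => 3,
        start_h   => [$start, 'tagname, attr, attrseq'],
        end_h     => [$end,   'tagname'],
        text_h    => [$text,  'text'],
        default_h => [sub { $out .= shift }, 'text'],
    );
    $p->parse($html);
    $p->eof;
    return $out;
}

# Constructed sample input.
print disarm_html('<form action="/x"><input type="submit" onclick="go()"></form>'
    . '<a href="/y" onmouseover="z()">link</a><script>alert(1)</script>'), "\n";
```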


