This was the "Re: The Data Sanitization Plan" thread.
This mail is just to rename the thread, because the topic being
discussed now is independent of the Data Sanitization Plan (issue
#494), and I'd like to keep comments on the two separate.
Any comments on #494 are important now. Comments on what users
type/paste, etc (before it ever gets the libsvn_client api), are
important later.
(I have nothing to add to either thread right now. )
-K
Michael Wood <mwood@its.uct.ac.za> writes:
> On Wed, Jun 26, 2002 at 08:17:57PM -0400, mark benedetto king wrote:
> > On Wed, Jun 26, 2002 at 07:14:31PM -0500, Eric Gillespie wrote:
> > > mark benedetto king <bking@inquira.com> writes:
> > >
> > > > http://foo.com/';rm -rf /;echo 'sorry!
> > >
> > > No, that's what you're advocating. I'd be pasting:
> > >
> > > http://foo.com/%27%3Brm%20-rf%20/%3Becho+%27sorry%21
> > >
> >
> > Visit: http://www.boredom.org/~egrep/demo.html
> >
> > Click the link.
> >
> > Highlight your browser's URL-bar.
> >
> > then type:
> >
> > echo '
> >
> > then paste
> >
> > then '[enter]
>
> eh?
>
> $ echo 'http://www.boredom.org/~egrep/demo.html?%27;ls;echo%27'
> http://www.boredom.org/~egrep/demo.html?%27;ls;echo%27
>
> > Note: I've only tested this with Mozilla 0.9.9
>
> OK, so my about:mozilla says "Mozilla 0.9.5+"
>
> Why should 0.9.9 do anything different with the above? Does it unescape
> the URLs on the address bar or something?
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Jun 27 19:34:46 2002