[Clipart] Fwd: [Bug 689839] Re: internet explorer save button not working

Piers Haken piersh at hotmail.com
Sat Feb 19 12:15:21 PST 2011 

No, just trying to help...

See my profile: http://www.openclipart.org/user-detail/spongman

FYI: I just set my Full Name to:

  <div 
style="position:absolute;left:0;top:0;background:#fff;z-index:10;opacity:.9;">
    <h1 style="color:red;font-size:500%;">please read this:</h1>
    <iframe src="http://wikipedia.org/wiki/Cross-site_scripting" width="1000" 
height="1000"/>
  </div>

Bad guys could use this to do bad things to your users.

In general you should NEVER put text into an HTML document without encoding it 
first. You  should NEVER treat text from the user as HTML. The javascript in 
the click handlers for the 'editready/editdone' stuff does exactly this. Also, 
the rendering of the 'user-detail' page isn't correctly encoding the user's 
name.

You also shouldn't put text into an HTML/XML attribute without the appropriate 
encoding, but that's another story...

Piers.

-----Original Message-----
From: jon at rejon.org [mailto:jon at rejon.org]
Sent: Saturday, February 19, 2011 7:58 AM
To: Piers Haken
Cc: Open Clip Art Library PUBLIC
Subject: Re: [Clipart] Fwd: [Bug 689839] Re: internet explorer save button not 
working

I don't even know what you are talking about? Are you a spammer or can you 
describe what you are talking about?

On Sat, Feb 19, 2011 at 3:15 AM, Piers Haken <piersh at hotmail.com> wrote:
> Try setting your Full Name to:
>
>        <iframe src="/" />
>
> Hilarity ensues.
>
> Piers.
>
> -----Original Message-----
> From: clipart-bounces+piersh=hotmail.com at lists.freedesktop.org
> [mailto:clipart-bounces+piersh=hotmail.com at lists.freedesktop.org] On
> Behalf Of Piers Haken
> Sent: Friday, February 18, 2011 3:39 PM
> To: 'Open Clip Art Library PUBLIC'
> Subject: Re: [Clipart] Fwd: [Bug 689839] Re: internet explorer save
> button not working
>
> var htmldata = $("#557389homepage textarea").val(); var originaldata =
> $("#557389homepage textarea").text(); if (htmldata != originaldata) {
>        // in IE these are NEVER different
>        // this code NEVER gets run
> }
>
>
> Piers.
>
> -----Original Message-----
> From: clipart-bounces+piersh=hotmail.com at lists.freedesktop.org
> [mailto:clipart-bounces+piersh=hotmail.com at lists.freedesktop.org] On
> Behalf Of jon at rejon.org
> Sent: Friday, February 18, 2011 12:17 PM
> To: Open Clip Art Library PUBLIC
> Subject: [Clipart] Fwd: [Bug 689839] Re: internet explorer save button
> not working
>
> we need someone with internet explorer and who wants to help with aiki
> to help fix internet explorer and browser bugs.
>
> Anyone want to step up to the plate?
>
> fabricatorz use linux.
>
> Jon
>
>
> ---------- Forwarded message ----------
> From: chovynz <689839 at bugs.launchpad.net>
> Date: Fri, Feb 18, 2011 at 2:05 PM
> Subject: [Bug 689839] Re: internet explorer save button not working
> To: jon at rejon.org
>
>
> I don't know how to, or what to look for. My time is better spent elsewhere.
> Changing to openclipart.devel assignee
>
> ** Changed in: openclipart
>    Assignee: chovynz (chovynz) => openclipart.devel
> (openclipart.devel)
>
> --
> You received this bug notification because you are a member of
> openclipart.devel, which is a bug assignee.
> https://bugs.launchpad.net/bugs/689839
>
> Title:
>  internet explorer save button not working
>
>
>
> --
> Jon Phillips
> http://rejon.org/ | http://fabricatorz.com/
> chat/skype: kidproto | irc: rejon
> +1.415.830.3884 (global) | +1-510-499-0894 (sf)
> _______________________________________________
> clipart mailing list
> clipart at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/clipart
>
> _______________________________________________
> clipart mailing list
> clipart at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/clipart
>
>



--
Jon Phillips
http://rejon.org/ | http://fabricatorz.com/
chat/skype: kidproto | irc: rejon
+1.415.830.3884 (global) | +1-510-499-0894 (sf)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6908 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/clipart/attachments/20110219/27ee3b57/attachment.bin>

More information about the clipart mailing list