[Psi-devel] IceRAM's CLI options patch?

lilliput Fab psi at saycure.com
Thu Aug 31 16:27:53 PDT 2006


On 8/30/06, Hal Rottenberg <halr9000 at gmail.com> wrote:
>
> > > <a href="xmpp:a at example.org  http://localhost">
> >
> >



My point was not whether *RFC* 2396
<http://www.faqs.org/rfcs/rfc2396.html> allows it or not, but (as servers/
clients have slightly different ways of
handling errors) typical errors are with character encoding of URIs; for
example, allow % to be %25 - \u0025, but what about %2525 or %25\u0025? All
these cases are treated differently depending on the server/browser
applications... Likewise, \0 has never been handled the same way: some
clients take it as an end of line and some others ignore it...

The risk that I am seeing is mainly a 'kid' leaving a buggy URI on a
forum/blog in order to inject/send Jabber data. I don't think HTML allows
providing two URIs in one <a/> like this. It most definitely does not.

About buffer overflows, you may want to test the code with "rats".



--
> Psi webmaster (http://psi-im.org)
> im:hal at jabber.rocks.cc
> http://halr9000.com
> _______________________________________________
> psi-devel mailing list
> psi-devel at lists.affinix.com
> http://lists.affinix.com/listinfo.cgi/psi-devel-affinix.com
>
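
Added example (not part of the original message and not Psi code): one way a client could handle the encoding cases raised above, decoding a URI from an untrusted link exactly once and rejecting %2525-style double encoding, NUL/control bytes, raw whitespace and backslashes. The function names and the reject-rather-than-normalise policy are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Hypothetical helpers for illustration; not Psi code.
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

// True if s[i..i+2] is a well-formed %XX escape.
static bool is_escape(const std::string& s, std::size_t i) {
    return i + 2 < s.size() && s[i] == '%' &&
           hexval(s[i + 1]) >= 0 && hexval(s[i + 2]) >= 0;
}

// Decode an untrusted URI exactly once into `out`; return false to reject it.
// `out` is only meaningful when true is returned.
bool decode_uri_strict(const std::string& raw, std::string& out) {
    out.clear();
    for (std::size_t i = 0; i < raw.size(); ++i) {
        unsigned char c = static_cast<unsigned char>(raw[i]);
        if (c == '%') {
            if (!is_escape(raw, i)) return false;      // stray or truncated '%'
            c = static_cast<unsigned char>(hexval(raw[i + 1]) * 16 + hexval(raw[i + 2]));
            i += 2;
        } else if (c <= 0x20 || c >= 0x7f || c == '\\') {
            return false;  // raw space, NUL/control, non-ASCII, or "unwise" backslash
        }
        if (c < 0x20 || c == 0x7f) return false;       // escaped NUL/control: %00, %0a
        out.push_back(static_cast<char>(c));
    }
    for (std::size_t i = 0; i < out.size(); ++i)
        if (is_escape(out, i)) return false;           // still decodable: %2525, %2540
    return true;
}

int main() {
    // Constructed sample inputs, plus the href quoted in the thread.
    const char* samples[] = {"xmpp:a%40example.org", "xmpp:a%2540example.org",
                             "%2525", "%25\\u0025", "xmpp:a%00b",
                             "xmpp:a at example.org  http://localhost"};
    std::string out;
    for (const char* s : samples)
        std::cout << s << " -> " << (decode_uri_strict(s, out) ? "accept" : "reject") << '\n';
}
```

Rejecting any input that is still decodable after one pass is deliberately conservative: it also refuses a literal "%41" that was legitimately escaped as "%2541".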