[Esa-l] Re: FYI regarding the Anomy sanitizer
John D. Hardin
jhardin at wolfenet.com
Sat Feb 3 09:31:03 PST 2001
On Fri, 2 Feb 2001, Bjarni R. Einarsson wrote:
> > I've added LAYER to the development version - was ILAYER in the
> > announcement as well?
>
> I don't even know if ILAYER exists. I was doing the work offline,
> and figured "better safe than sorry".
I was reading through the advisories again, and all of the examples I
found were based on the DIV tag with a "z-index:0" argument.
Fortunately the current sanitization seems to deal with it:
<div id="layer4" DEFANGED_STYLE="width:99px; height:99px;
position:absolute; left:0px; top:0px; z-index:0;">
(Assuming, of course, you aren't trusting STYLE tags on inbound
email...)
--
John Hardin KA7OHZ ICQ#15735746 http://www.wolfenet.com/~jhardin/
jhardin at wolfenet.com pgpk -a finger://gonzo.wolfenet.com/jhardin
768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5 E9 BF C8 33 A7 A9 CE 76
1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The question of whether people should be allowed to harm themselves
is simple. They *must*.
-- Charles Murray
-----------------------------------------------------------------------
7 days until she returns
More information about the esd-l
mailing list