- From: Keith Moore <moore@cs.utk.edu>
- Date: Sun, 25 Nov 2001 11:16:36 -0500
- To: Mark Baker <distobj@acm.org>
- cc: dcrocker@brandenburg.com (Dave Crocker), dee3@torque.pothole.com (Donald E. Eastlake 3rd), discuss@apps.ietf.org
> The resolution of some URI aren't safe. I saw an "aim:" URI scheme > recently that allowed resolution of a URI to send an AIM message. That > is a Bad Thing. I don't think it's inherently bad, any more than mailto:discuss-request@apps.ietf.org?Subject=subscribe is bad. What's bad is for client implementors to make it possible for "clicking" on such a URI (or having it appear in a script or image tag on a web page) to result in a message being sent without explicit user verification. Keith
Received on Sunday, 25 November 2001 11:17:09 UTC