Re: XSOURCE gave encoded unfiltered source

This site reveals a very interesting bug with the script loading section of
www4mail. It has been fixed now. Loading a remote script file could change
the MIME Type of the entire document...

However, please note that when you request a document, if www4mail
detects (possibly from the remote server) a MIME type different from
text/html or a non-text Content-Type, then:
1. the html parsing is disabled.
2. MIME Base 64 Encoding is enabled...

www4mail will always generate a file name from the URL... This is to
assist your MIME mail user agent in saving the attached file.

Thanks
Clement Onime

Status fixed..
The new 2.2 gateways would have a fix for it...

On Sun, 5 Sep 1999, Lena [Kiev.Ukraine] wrote:

> Hello,
> 
> My letter:
> 
> > To: www4mail@wm.ictp.trieste.it
> > Message-Id: <PnrK0qt4iE@ganimed.freenet.viaduk.net>
> > From: "Lena [Kiev.Ukraine]" <lena@ganimed.freenet.viaduk.net>
> > Date: Fri,  3 Sep 1999 19:28:21 +0200 (UKR)
> > MIME-Version: 1.0
> > Content-Type: text/plain; charset=us-ascii
> >
> > xnostat
> > xsource http://www.onelist.com
> > help info
> 
> Reply from www4mail:
> 
> > Received: from wm.ictp.trieste.it (root@wm.ictp.trieste.it [140.105.17.182])
> >         by resolver.viaduk.net (8.9.3/8.9.1) with ESMTP id CAA56086
> >         for <lena@ganimed.freenet.viaduk.net>; Sun, 5 Sep 1999 02:30:18 +0300 (EEST)
> >         (envelope-from www4mail@wm.ictp.trieste.it)
> > Received: (from www4mail@localhost)
> >         by wm.ictp.trieste.it (8.9.3/8.9.3) id BAA29064
> >         for lena@ganimed.freenet.viaduk.net; Sun, 5 Sep 1999 01:03:40 +0200
> > Date: Sun, 5 Sep 1999 01:03:40 +0200
> > From: WWW by MAIL Gateway <www4mail@wm.ictp.trieste.it>
> > Message-Id: <199909042303.BAA29064@wm.ictp.trieste.it>
> > X-Authentication-Warning: wm.ictp.trieste.it: www4mail set sender to www4mail@wm.ictp.trieste.it using -f
> > X-Mailer: WWW4MAIL Gateway Version 2.2
> > MIME-Version: 1.0
> > X-Quota-info: 297 remaining.
> > To: lena@ganimed.freenet.viaduk.net
> > Subject: Requested (URL - http://www.onelist.com)
> > Content-Type: multipart/mixed;
> >         boundary="===========_-2904693648==_============"
> > Lines: 326
> >
> >
> > --===========_-2904693648==_============
> > Content-Type: application/x-javascript; name="list_com.html"
> > Content-Transfer-Encoding: base64
> > Content-Disposition: attachment; filename="list_com.html"
> > Content-Description:  ASCII text
> >
> > PCEtLSBYLVVSTDogaHR0cDovL3d3dy5vbmVsaXN0LmNvbSAtLT4KPEJBU0UgSFJFRj1odHRw
> > Oi8vd3d3Lm9uZWxpc3QuY29tPgoNCjxIVE1MPg0KPEhFQUQ+DQogIDxUSVRMRT4NCiAgICBP
> 
> <snip>
> 
> > UmVzZXJ2ZWQuDQogICAgPGEgaHJlZj0iL2luZm8vbGVnYWxpbmZvLmh0bWwiPkltcG9ydGFu
> > dCBEaXNjbGFpbWVycyBhbmQgTGVnYWwgSW5mb3JtYXRpb248L2E+DQo8L0ZPTlQ+DQogIDwv
> > VEQ+DQogPC9UUj4NCjwvVEFCTEU+DQoNCjwvYm9keT4NCjwvaHRtbD4NCg==
> >
> > --===========_-2904693648==_============--
> >
> >
> 
> I don't understand why the page was encoded, why "application/x-javascript"
> and where "list_com.html" came from.  But more importantly, when I
> base64-decoded the file, I saw that it was the unfiltered/unmodified
> by www4mail (despite the XSOURCE command) source of the page:
> 
> > <!-- X-URL: http://www.onelist.com -->
> > <BASE HREF=http://www.onelist.com>
> >
> > <HTML>
> > <HEAD>
> >   <TITLE>
> >     ONElist              </TITLE>
> >       <META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
> >     <META content="free mailing lists, communities, majordomo, email, bounce handling, mlm software, listserv, ONElist, email list, newletters, announcement, email lists, list hosting" name=keywords>
> >     <META content="ONElist - Free Email Communities" name=description>
> >   </HEAD>
> >
> > <BODY bgColor="#FFFFFF"
> >       text="#000000"
> >       link="#330099"
> >       vlink="#330099"
> >       marginheight=0 marginwidth=0 leftmargin=0 topmargin=0
> >       >
> >
> > <a name="top"></a>
> > <table border="0" cellpadding="0" cellspacing="0" width="100%">
> >   <tr bgcolor="#330099" valign="middle">
> >     <!-- ONElist Logo -->
> >     <td width="1%"><a href="/" target="_top"><img src="/images/logo_blue150.gif" width="150" height="62" vspace="5" hspace="10" border="0" alt="ONElist"></a></td>
> >     <td align=center>
> >             <!-- Ad Banner -->
> >       <IFRAME WIDTH=468 HEIGHT=60 NORESIZE SCROLLING=No FRAMEBORDER=0
> >        MARGINHEIGHT=0 MARGINWIDTH=0
> >        SRC="http://adforce.imgis.com/?adiframe|2.0|34|25943|6006|1|ADFORCE;">
> >         <script language=javascript src="http://adforce.imgis.com/?addyn|2.0|34|25943|6006|1|ADFORCE;loc=700;">
> >         </script>
> >         <noscript>
> >       <a href="http://adforce.imgis.com/?adlink|2.0|34|25943|6006|1|ADFORCE;loc=300;" target=_top><img src="http://adforce.imgis.com/?adserv|2.0|34|25943|6006|1|ADFORCE;loc=300;" width="468" height="60" border="0" vspace="4" hspace="4" align="absmiddle" alt=""></a>
> >         </noscript>
> >       </IFRAME>
> >       <!-- End Ad -->
> >           </td>
> >   </tr>
> >
> >   <tr>
> >     <td colspan="2">
> > <table bgcolor="#330099" border="0" cellpadding="0" cellspacing="0" width="100%">
> >   <tr>
> >     <!-- Tabs -->
> > <td width="1%"><img src="/images/tabs_comm.gif" border="0" width="281" height="32" hspace="10" usemap="#tabs" alt=""></td>
> >     <!-- Greetings -->
> >     <td width="100%" nowrap align=right>
> >       <font size="2" color="#FFFFFF">
> >       <b>
> >       Hello              Guest            </b>
> >               | <a href="/register" target="_top" style="color:#FFFFFF;"><font color="#FFFFFF">Register</font></a>
> >         | <a href="/myonelist" target="_top" style="color:#FFFFFF;"><font color="#FFFFFF">Sign In</font></a>
> >             &nbsp;
> 
> <snip>
> 
> >      <TD><!-- signin -->
> >       <TABLE border="0" cellpadding="3" cellspacing="0" bgcolor="#EEEEEE" width="100%">
> >        <FORM action="/myonelist" method="post">
> >         <TR>
> >          <TD colspan="2" bgcolor="#FF9900"><IMG src="/images/spacer.gif" width="220" height="2" alt=""></TD>
> >         </TR>
> >         <TR>
> >          <TD colspan="2"><B>
> >           Returning? Sign In:</B>
> >          </TD>
> >          <TR>
> >           <TD><FONT size="1">
> >            Email address:</FONT>
> >           </TD>
> >           <TD>
> >            <INPUT type="text" name="login_email" size="15" maxlength="128">
> >           </TD>
> >          </TR>
> >          <TR>
> >           <TD><FONT size="1">
> >            Password:</FONT>
> >           </TD>
> >           <TD>
> >            <INPUT type="password" name="login_password" size="15" maxlength="128">
> >           </TD>
> >          </TR>
> >          <TR>
> >           <TD colspan="2" align="center">
> >            <INPUT type="checkbox" name="login_persistence" value="1"><FONT size="-1">
> >            Remember who I am.</FONT>
> >           </TD>
> >          </TR>
> >          <TR>
> >           <TD colspan="2" align="center">
> >            <INPUT type="submit" value="Sign In">
> >           </TD>
> >          </TR>
> >          <TR>
> >           <TD colspan="2" align="center"><FONT size="-1"><A href="/remind">
> >            Forgot password?</A> | <A href="/help/help5.html">
> >            Help</A></FONT>
> >           </TD>
> >          </TR>
> >        </FORM>
> >       </TABLE>
> 
> <snip>
> 

Received on Monday, 6 September 1999 05:03:57 UTC
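
The symptom reported in this thread (an HTML page delivered as a base64 attachment labelled application/x-javascript, with its script and iframe tags intact) can be checked for mechanically on a gateway reply. The following is an added example, not part of the thread and not www4mail code; the sample message, the example.test host names and the function names are constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Tags that a filtering gateway would be expected to strip or rewrite.
ACTIVE_TAGS = re.compile(rb"<\s*(script|iframe|form|object|embed)\b", re.I)
# Cheap sniff for "this body is really an HTML document".
HTML_HINT = re.compile(rb"<\s*(!doctype\s+html|html|head|body|base)\b", re.I)

def audit_parts(raw: bytes) -> list:
    """Report, per leaf MIME part, the declared type versus what the body holds."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = part.get_payload(decode=True) or b""  # undoes base64 / QP
        declared = part.get_content_type()
        looks_html = bool(HTML_HINT.search(body[:4096]))
        tags = sorted({m.group(1).lower().decode()
                       for m in ACTIVE_TAGS.finditer(body)})
        findings.append({
            "declared": declared,
            "filename": part.get_filename(),
            "looks_html": looks_html,
            "active_tags": tags,
            # HTML shipped under a non-HTML label: filtering was likely skipped.
            "mismatch": looks_html and declared != "text/html",
        })
    return findings

def build_sample() -> bytes:
    """Constructed reply: an HTML page attached as application/x-javascript."""
    page = (b"<!-- X-URL: http://example.test -->\n"
            b"<BASE HREF=http://example.test>\n<HTML><BODY>\n"
            b'<IFRAME SRC="http://ads.example.test/"></IFRAME>\n'
            b'<script language=javascript src="http://ads.example.test/a.js">'
            b"</script>\n</BODY></HTML>\n")
    msg = EmailMessage()
    msg["Subject"] = "Requested (URL - http://example.test)"
    msg.set_content("gateway reply")
    msg.add_attachment(page, maintype="application", subtype="x-javascript",
                       filename="example_test.html")  # base64 by default
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in audit_parts(build_sample()):
        print(finding)
```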