- From: Tyler Close <tyler.close@gmail.com>
- Date: Tue, 11 Oct 2005 22:56:46 -0700
- To: www-tag@w3.org

I imagine members of the TAG are no doubt aware of the following news event:

"""
On December 31, 2004, Cuthbert, using an Apple laptop and Safari browser, became concerned that a website collecting credit card details for donations to the Tsunami appeal could be a phishing site. After making a donation, and not seeing a final confirmation or thank-you page, Cuthbert put ../../../ into the address line. If the site had been unprotected this would have allowed him to move up three directories.
"""

From <http://www.theregister.co.uk/2005/10/11/tsunami_hacker_followup/>

Will section 5.4.2 of RFC 3986 be amended to indicate that the "../../../" syntax is no longer valid syntax, despite being explicitly declared valid by the current RFC text? I was also wondering if any other elements of Internet and WWW design will be delegated to the British courts.

It's funny, and very much not so, all at the same time.

Tyler

--
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/

Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/extensions/moreinfo.php?id=957

Received on Wednesday, 12 October 2005 06:13:11 UTC