[1240] in WWW Security List Archive
Re: E-mail Address in WEB Browser
daemon@ATHENA.MIT.EDU (Christian Mogensen)
Thu Dec 14 21:26:22 1995
From: Christian Mogensen <mogens@Mjosa.Stanford.EDU>
To: "Robert S. Muhlestein" <robertm@teleport.com>
cc: Joshua Heling <heling@virtu.sar.usf.edu>, www-security@ns2.rutgers.edu
In-reply-to: (Your message of Thu, 14 Dec 95 14:09:14 PST.)
<Pine.SUN.3.91.951214140111.13376G-100000@claudia.teleport.com>
Date: Thu, 14 Dec 95 15:32:26 -0800
Errors-To: owner-www-security@ns2.rutgers.edu
>Actually, the "From:" header is an optional part of the HTTP spec that no
>browser I know chooses to send, in any fashio, with its requests. The
I think you'll find that many browsers do send From (Netscape is just one
of them) with HTTP requests. It depends on whether you have set up your
e-mail address in the user preferences.
>I think Netscrape should have considered this before encouraging
>everyone to use "mailto" as a form action element (in the usual
>lets-screw-the-standards Netscape way).
Actually, there is nothing that says a FORM result must be submitted
through a HTTP request. Using <FORM ACTION="mailto:..."> is perfectly
legal HTML, since mailto:... is a well defined URL. On the other
hand there is nothing that guarantees it will work either.
AFAIK, Lynx also supports Mailto URLs in Forms. It's useful for those
sites that don't allow user CGI scripting, since the scripts can be
run through procmail instead.
Christian 'webhead' <*>
