[1552] in WWW Security List Archive
Re: JavaScript to grab e-mail
daemon@ATHENA.MIT.EDU (Dennis Boone)
Mon Feb 26 21:47:32 1996
To: www-security@ns2.rutgers.edu
Date: Mon, 26 Feb 96 18:34:17 -0500
From: Dennis Boone <drb@burrow.cl.msu.edu>
Errors-To: owner-www-security@ns2.rutgers.edu

> Basically what the script does is to make the browser submit e-mail to
> the indicated mailto: URL. When the mail is sent, the user's reply
> address is included as a matter of course.

Entering un-useful addresses in the Netscape config was suggested as a
damage-limiting tactic. Unfortunately, Netscape dutifully encodes the
sender field using data it gathers from the system (i.e. userid and
hostname).

I'm strongly tempted to quit using Netscape until they fix this.

Dennis Boone
MSU CWIS Team