[pmmail-list] HTML and other parts (was: when is the new beta coming?)

Fri, 30 Aug 2002 11:38:25 -0700

On Fri, 30 Aug 2002 19:56:25 +0200 (MES), L.Willms wrote:

>On Thu, 29 Aug 2002 10:46:37 -0700, Tim Roberts wrote:
>
>  answering Carl Gehr: 
>
>> >Why:  The HTML message that was received by a friend over the weekend,
>> >no attachments, but included an imbedded Java virus that would download
>> >a file in the background and clobber the system.
>> 
>> That's impossible.  Javascript simply cannot do that.
>
>For one, Carl Gehr wrote of Java, not Javascript. Maybe he confounded the 
>two, but despite the name, the two are not related. 

Yes, I assumed he made a mistake.  No one ships Java applets with HTML e-mail.

>But a fact is, using a Microsoft browser, and its JSCRIPT implementation of 
>Javascript, such a script can access the filesystem, just as a Visual Basic 
>Script, via the filesystem object which is supplied by the Windows Scripting 
>Host. 

Not through embedded scripts in a <script> tag.  The sandbox doesn't allow it.  
It can certainly do so if one is stupid enough to execute a .vbs or .js 
attachment, but that's not what he said.

--
- Tim Roberts, timr@probo.com
  Providenza & Boekelheide, Inc.

- pmmail-list - The PMMail Discussion List ---------------------------
To POST to the list, send your message to:
pmmail-list@blueprintsoftwareworks.com

To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com 
with the first line of the message body being...
UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com
---------------------------------------------------------------------