[nycphp-talk] Filtering input to be appended inside email
Mikko Rantalainen
mikko.rantalainen at peda.net
Tue Sep 13 11:11:13 EDT 2005
Daniel Convissor wrote:
> Mikko wrote:
>>Body doesn't need to be handled unless you use HTML mail (shame on
>>you), in which case all XSS issues are there waiting.
>
> But some (many?) email clients are F'ing stupid.
Yes, but my point was that unless you're sending HTML mail from your
server, there's no need to filter body. Or at least I'm not aware of
any exploitable MUA when the input type is text/plain.
--
Mikko