Re: AppleScript & HTML Again...
Re: AppleScript & HTML Again...
- Subject: Re: AppleScript & HTML Again...
- From: "John C. Welch" <email@hidden>
- Date: Sun, 28 Mar 2004 19:59:19 -0600
On 3/28/04 7:31 PM, "Walter Ian Kaye" <email@hidden> wrote:
>
> <oy>...point dodging...the page lives on a remote server. This is, by the
>
> way, how web - based exploits from web sites work. You load the page. In the
>
> page are scripts that are running against your system. If you replicate the
>
> click action in a script, then you have an remote site automatically running
>
> applications on your system because you opened a web page
>
>
It is clear from the above that your issue is NOT with ML, but with
>
JavaScript.
>
>
Therefore, the only "security issue" with ML is the presense of JavaScript.
>
Disable JS, and ML is safe.
>
>
JS has been infamous for its security problems for years. Many people
>
disable it for precisely that reason.
>
>
If you're going to point the finger of blame, point it in the correct
>
direction: JavaScript.
Well, since this is using Apple Events as a mechanism, why not disable those
too.
john
--
"We herd sheep, we drive cattle, we lead people. Lead me, follow me, or get
out of my way."
- Gen. Patton
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives:
http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.