What's funny is that NewScientist.com, which claims to be "The World's No.1 Science & Technology News Service" (merely claiming this at all puts me in Suspicious-Of-Their-Journalistic-Integrity Mode) failed to report this until, according to the story, July 15, 2002. The story _itself_ says that CERT first issued an advisory for cross-site scripting in 1997 and "Yahoo's email filter was first noticed by computer users in March 2001". Now, for a site that is supposed to be the number _one_ science and technology news service for the ENTIRE planet, it seems a little odd that it takes them _sixteen months_ to write a story about some new technology news. Maybe they were as confused as we were about why in the bloody hell would people be putting HTML in their freaking emails in the first place... Neil * Steven Hunter (steven_hunter@xxxxxxxxx), on [07-16-02 13:22], wrote: > > -- "M.K. Chatterji" <chat@xxxxxxxxxxxxxxxxxxxxxx> > wrote: > <snip> > > > > http://www.newscientist.com/news/news.jsp?id=ns99992546 > > This is ludicrous for three reasons: > > 1. Scripts can be used to reverse the substitutions. > > 2. "hundreds of websites (havre been changed by an) > email security filter" Would someone explain the > difference between email and the web to this guy? > > 3. As a Yahoo! email user, I sent an email to my > Purdue account with the following text, and it went > through 100% unchanged: > > --Start-- > eval > mocha > expression > > terrorist > bomb the whitehouse white house > assasinate the president > --End-- > > So go figure. > > ===== > Steven Hunter | steven_hunter@xxxxxxxxx > "HEY! Check out these crescent fresh skulls in my salad!" - Sifl & Olly > > __________________________________________________ > Do You Yahoo!? > Yahoo! Autos - Get free new car price quotes > http://autos.yahoo.com >