Feedback on:
HTML #5 - Using feedback forms
Sent by
Paul Bennett on October 05, 1998 at 05:23:18:

> For example, a form-to-email script
> might look at a hidden control in order
> to find out which e-mail address it
> should send the form to
This can be a really bad idea. Unless
you do this carefully, you give me the
ability to send arbitrary e-mail from your
server to anyone I want to - you've
created an anonymous re-mailer. And
don't start talking about the CGI
HTTP_REFERRER field - I can get
around that by telnet'ing to your HTTP
port.
Paul.
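
Added example, not part of the original feedback or of the article it comments on: one way to handle the hidden control "carefully" is to let the form carry only a key that the server maps to a fixed address, and to ignore the Referer header entirely. The addresses, field names and function names below are assumptions made for illustration, and the CR/LF check on header fields goes slightly beyond the recipient issue raised above.

```python
from email.message import EmailMessage

# Constructed sample data: recipient keys the server is willing to mail.
# The form carries only the key; the address never leaves the server.
RECIPIENTS = {
    "webmaster": "webmaster@example.org",
    "sales": "sales@example.org",
}


class RejectedForm(ValueError):
    """Raised when a submission must not be turned into mail."""


def clean_header(value, limit=200):
    """Refuse CR/LF so a field cannot add header lines of its own."""
    if "\r" in value or "\n" in value or len(value) > limit:
        raise RejectedForm("illegal characters or length in header field")
    return value.strip()


def build_feedback_mail(form):
    """Turn decoded form fields into a message for a fixed recipient.

    `form` is a dict of submitted fields (hypothetical names). Every value
    in it, hidden controls included, is chosen by the client; so is the
    Referer header, which is why it is not consulted at all.
    """
    key = form.get("to", "")
    if key not in RECIPIENTS:  # a raw address is not a valid key
        raise RejectedForm("unknown recipient key")

    msg = EmailMessage()
    msg["To"] = RECIPIENTS[key]
    msg["From"] = "feedback-form@example.org"  # fixed, never from the form
    msg["Subject"] = clean_header(form.get("subject", "Feedback"))
    reply_to = form.get("email", "")
    if reply_to:
        msg["Reply-To"] = clean_header(reply_to)
    msg.set_content(form.get("message", ""))
    return msg
```
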