Re: [websec] Test of XHR in HTML mail
"Richard L. Barnes" <rbarnes@bbn.com> Mon, 12 December 2011 20:07 UTC
Return-Path: <rbarnes@bbn.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10C8D21F8B0E for <websec@ietfa.amsl.com>; Mon, 12 Dec 2011 12:07:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.315
X-Spam-Level:
X-Spam-Status: No, score=-106.315 tagged_above=-999 required=5 tests=[AWL=0.284, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T8Mzwdl98bpp for <websec@ietfa.amsl.com>; Mon, 12 Dec 2011 12:07:02 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by ietfa.amsl.com (Postfix) with ESMTP id 8F94B21F8B0C for <websec@ietf.org>; Mon, 12 Dec 2011 12:07:02 -0800 (PST)
Received: from ros-dhcp192-1-51-99.bbn.com ([192.1.51.99]:62768) by smtp.bbn.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.74 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1RaC9O-000Ob0-6m; Mon, 12 Dec 2011 15:07:02 -0500
Mime-Version: 1.0 (Apple Message framework v1084)
Content-Type: text/plain; charset="us-ascii"
From: "Richard L. Barnes" <rbarnes@bbn.com>
In-Reply-To: <7B56D5AA-5052-4898-A73A-AED1F958019C@bbn.com>
Date: Mon, 12 Dec 2011 15:07:01 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <9D762009-DF92-4B54-8B21-9767AC099C34@bbn.com>
References: <E1RaC4C-000OK3-N4@smtp.bbn.com> <7B56D5AA-5052-4898-A73A-AED1F958019C@bbn.com>
To: "Richard L. Barnes" <rbarnes@bbn.com>
X-Mailer: Apple Mail (2.1084)
Cc: WEBSEC Mailing List <websec@ietf.org>
Subject: Re: [websec] Test of XHR in HTML mail
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Dec 2011 20:07:03 -0000
In fact, it doesn't look like they're even processing the onload handler for the <body> element (except for Gmail). That black line you see is a collapsed <div>, and it should be hidden on load. Maybe MUAs just aren't supporting Javascript? --Richard On Dec 12, 2011, at 3:04 PM, Richard L. Barnes wrote: > Figured it might be interesting to have an empirical test of how MUAs handle origin-bound things like XHRs. > > In my tests (Mail.app, Thunderbird, Gmail), none of the MUAs seemed to do anything; they didn't even display the failure message. My guess is that they just don't support XHR, but I haven't looked into it. > > --Richard > > > > On Dec 12, 2011, at 3:01 PM, Richard Barnes wrote: > >> test web >> _______________________________________________ >> websec mailing list >> websec@ietf.org >> https://www.ietf.org/mailman/listinfo/websec >
- [websec] Test of XHR in HTML mail Richard Barnes
- Re: [websec] Test of XHR in HTML mail Richard L. Barnes
- Re: [websec] Test of XHR in HTML mail Richard L. Barnes
- Re: [websec] Test of XHR in HTML mail Gervase Markham