Correction:<br><br><div class="gmail_quote">On Tue, Dec 15, 2009 at 3:57 PM, Lisa Kachold <span dir="ltr">&lt;<a href="mailto:lisakachold@obnosis.com">lisakachold@obnosis.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Here&#39;s a couple of better dissections of the subject:<br><br><a href="http://knol.google.com/k/a-short-history-of-cross-site-scripting-viruses-worms#" target="_blank">http://knol.google.com/k/a-short-history-of-cross-site-scripting-viruses-worms#</a><br>

<br>And this CSRF gmail hack (still possible in the wild I believe):   <a href="http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/" target="_blank">http://www.gnucitizen.org/blog/google-gmail-e-mail-hijack-technique/</a></blockquote>
<div>That one was patched, this one is still active:<br><br><a href="http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=215800241">http://darkreading.com/security/vulnerabilities/showArticle.jhtml?articleID=215800241</a> <br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div></div><div class="h5"><br>
<br><div class="gmail_quote">On Tue, Dec 15, 2009 at 3:23 PM, Lisa Kachold <span dir="ltr">&lt;<a href="mailto:lisakachold@obnosis.com" target="_blank">lisakachold@obnosis.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

<br><br><div class="gmail_quote"><div>On Tue, Dec 15, 2009 at 8:21 AM, Austin William Wright <span dir="ltr">&lt;<a href="mailto:diamondmagic@users.sourceforge.net" target="_blank">diamondmagic@users.sourceforge.net</a>&gt;</span> wrote:<br>

<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>Lisa Kachold wrote:<br>
&gt;<br>
&gt; On Tue, Dec 15, 2009 at 8:00 AM, JD Austin &lt;<a href="mailto:jd@twingeckos.com" target="_blank">jd@twingeckos.com</a><br>
</div><div>&gt; &lt;mailto:<a href="mailto:jd@twingeckos.com" target="_blank">jd@twingeckos.com</a>&gt;&gt; wrote:<br>
&gt;<br>
&gt;     I always send both...  It&#39;s 2009, plain text was out in 1985 :)<br>
&gt;<br>
&gt;<br>
&gt; And html allows you to send the gift that keeps on &quot;giving&quot;:<br>
&gt; <a href="http://www.technicalinfo.net/papers/CSS.html" target="_blank">http://www.technicalinfo.net/papers/CSS.html</a><br>
</div>Except XSS is specific to HTTP or Javascript, not strictly HTML. Email<br>
clients (with exceptions, old versions of Outlook for one example)<br>
usually either cannot load external content or won&#39;t do it without<br>
permission.<br></blockquote></div><div>Correct, which is the subject of this thread!<br><br>I must send out my Xmas card How to this year again..... <br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">



<font color="#888888"></font><br></blockquote></div><div><div></div><div>-- <br>Skype: (623)239-3392 <br>AT&amp;T: (503)754-4452 <br><a href="http://www.it-clowns.com" target="_blank">www.it-clowns.com</a><br>
Only the dead have seen the end of war. -Plato<br>
<br><br><br><br><br><br><br><br><br><br><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Skype: (623)239-3392 <br>AT&amp;T: (503)754-4452 <br><a href="http://www.it-clowns.com" target="_blank">www.it-clowns.com</a><br>Only the dead have seen the end of war. -Plato<br>

<br><br><br><br><br><br><br><br><br><br><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br>Skype: (623)239-3392 <br>AT&amp;T: (503)754-4452 <br><a href="http://www.it-clowns.com">www.it-clowns.com</a><br>Only the dead have seen the end of war. -Plato<br>
<br><br><br><br><br><br><br><br><br><br><br>