Using Bugzilla to hide spam sites
Gervase Markham
gerv at mozilla.org
Mon May 14 12:36:27 UTC 2007
Christopher Hicks wrote:
> Arms races are unwinnable, but sometimes its the only practical
> solution. Checking URL's in attachments against the various spam URL
> databases would seem harmless and take care of most of the problem
> for a little while. It won't win any races, but if it puts us ahead
> for a lap or two, so be it.
It wouldn't even put us ahead this lap. The attachment I linked to
obfuscates the redirect URL using JavaScript.
We could fix that, of course, if browsers supported serving content with
a HTTP header which said "no script allowed"...
http://www.gerv.net/security/content-restrictions/
Gerv
More information about the developers
mailing list