Re: Bug or Security Feature in Server reply?

Jon P. Knight (cojpk@lut.ac.uk)
Thu, 11 Aug 1994 13:06:42 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Brian Mansfield: "html list?"
Previous message: Frank Majewski: "Bug or Security Feature in Server reply?"
Maybe in reply to: Frank Majewski: "Bug or Security Feature in Server reply?"

On Thu, 11 Aug 1994, Frank Majewski wrote:
> Passing this kind of HTML-code causes two tested clients (XMosaic 2.4 & MacWeb)
> to look at server's URL (ie. its CGI-BIN-dir) for the file(s)!
>
> You might say: "That's to be excepted, because the action-URL in the FORM becomes
> the actual matching MAIN-URL!" but in my opinion this is a failure because *after*
> starting the form you are not at server side any more but at client side (the
> transmission has successfully ended), aren't you?

Why not use a <BASE> tag in the <HEAD> of the returned HTML? Then your
relative URL would become relative to the HREF attribute of the BASE
element and not the HREF of the CGI script. You'd want a line in the
headers some thing like:

Or am I missing something here?

Jon

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Jon Knight, Research Student in High Performance Networking and Distributed
Systems in the Department of _Computer_Studies_ at Loughborough University.
* It's not how big your share is, its how much you share that's important *

Next message: Brian Mansfield: "html list?"
Previous message: Frank Majewski: "Bug or Security Feature in Server reply?"
Maybe in reply to: Frank Majewski: "Bug or Security Feature in Server reply?"