[JDEV] New html tag in messages

dlb civintel at comcast.net
Sun Aug 18 13:21:10 CDT 2002

From: "Richard Dobson" <richard at dobson-i.net>
> I think that is a remote possiblity and even if it does it is the sign of
> badly programmed client and not a fault with the protocol.

I doubt that a nested iq or message element could be exploited to run
anything - it wouldn't be recognized by the server and isn't relevant to
HTML.  A bigger concern IMO would be common script , object , img tag, and
buffer overflow, exploits where the client is using the Web Browser Control
a/o MSHTML.  You'd have the same vulnerabilities as the installed version of

More information about the JDev mailing list