Douglas Barnes writes:
Spent too much time last night playing with the Netscape bug; among other things wrote some code to throw various random binary URLs at Netscape. Netscape seems prepared to swallow the bait as long as the URL does _not_ contain characters screened as follows: if ((c != '"') && (c!='>') && (c!=0) && (c!='/') ) { This means you can't plant 0x00, 0x22, 0x3e or 0x2f.
No, you *can* put 0x22, 0x3e and 0x2f by using respectively " > and / html constructs (&#nnn; nn decimal ascii code) unfortunatly � is not recognized but you can probaly use any number substracted by itself or even short lda#0 (depending on the cpu),...if you need a zero,...(what for ?) I hope this helps too, btw, anywone having contacts on the 8lgm folks? they must have experience with that kind of stuff... Uptodate infos kept on http://hplyot.obspm.fr/~dl/netscapesec/ It seems the anim is working on about every netscape around, except one folk on linux that reported it didn't crash though someone else, on linux too said it crashed... Even if a patch should be availble now, making a demonstration is still interesting IMO [specially when you know that there are still ppl around using netscape 0.9x beta, and even ppl 'selling' it in ISP access packages!...] dl -- Laurent Demailly * http://hplyot.obspm.fr/~dl/ * Linux|PGP|Gnu|Tcl|... Freedom Prime#1: cent cinq mille cent cinq milliards cent cinq mille cent soixante sept Qaddafi ammunition radar Legion of Doom KGB Khaddafi Croatian