--nextPart3312952.M2LGnjnLn1 Content-Type: multipart/alternative; boundary="Boundary-01=_WLgoJUTx3k03ekM" Content-Transfer-Encoding: 7bit --Boundary-01=_WLgoJUTx3k03ekM Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit On Sunday 22 February 2009, John Tapsell wrote: > 2009/2/22 Michael Pyne : > > "This will start the program '%s'. If you are unsure of the origin, click > > Cancel." > > Could you try to sanitize %s somewhat? Strip out ' and " characters, > cut it to 10 or so characters etc. Try to make it difficult for > social engineering through the program name. Sure, shouldn't be too hard. Regards, - Michael Pyne --Boundary-01=_WLgoJUTx3k03ekM Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 7bit On Sunday 22 February 2009, John Tapsell wrote:
> 2009/2/22 Michael Pyne <BALEETED>:
> > "This will start the program '%s'. If you are unsure of the origin, click
> > Cancel."
>
> Could you try to sanitize %s somewhat? Strip out ' and " characters,
> cut it to 10 or so characters etc. Try to make it difficult for
> social engineering through the program name.


Sure, shouldn't be too hard.


Regards,
- Michael Pyne

--Boundary-01=_WLgoJUTx3k03ekM-- --nextPart3312952.M2LGnjnLn1 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEABECAAYFAkmiAtgACgkQqjQYp5Omm0oPnACeOYxq+MOvxD6H4xErPUfLU+jI VSgAn2/NTOssxqsD0aDD2uSBKWoWnQRq =suhc -----END PGP SIGNATURE----- --nextPart3312952.M2LGnjnLn1--