TONT 40483 为什么不能在气泡通知里放超链接?

垃圾链接不要丢,裹上面糊下锅油炸,隔壁的小孩都馋哭了。

原文链接:https://blogs.msdn.microsoft.com/oldnewthing/20040225-00/?p=40483

The short answer: “Because there is no NIF_PARSELINKS flag.”

简而言之:『因为NIF_PARSELINKS这个flag是不存在的。』

The long answer:

详细的说明:

When balloon tips were first developed, there was no ability to embed links. Consequently, programs were free to put insecure text in balloon tips, since there was no risk that they would become “live”. So, for example, a virus scanner might say “The document ‘XYZ’ has been scanned and found to be free of viruses.”

一开始的时候,是没有办法在气泡通知里内嵌链接的。因此,应用程序可以任意在气泡通知中放置『不安全』的文本,反正这些文本也没有机会变成『活物』。举例来说,某防病毒软件可能展示如下的内容:『文档’XYZ’扫描完毕,没有发现病毒』。

Now suppose hotlinks were supported in balloon tips. Look at how this can be exploited: I can write a web page that goes

现在假设气泡通知支持超链接,来看看可以如何利用这个机制:我可以写一个网页,内容是:

<TITLE>&lt;A HREF=”file:C:\Windows\system32\format.com?C:”&gt;Party plans&lt;/A&gt;</TITLE>

I then rename the file to “Party plans.html”, attach it to some email, and send it to you.

然后我把这个文件改名叫『Party plans.html』(译注:文件名字面意思为:派对计划),把它塞进邮件的附件里,然后发给你。

You download the message and since you are a cautious person, you ask your virus scanner to check it out. The balloon appears:

你把这封邮件下载回来,鉴于你是个谨慎的人儿,你会用防病毒软件扫描一下,防病毒软件弹出了气泡通知,说:

(译注:扫描完成:文件 ‘Party plans‘ 扫描完毕,没有发现已知的病毒。)

“Oh, how convenient,” you say to yourself. “The virus scanner even included a hotlink to the document so I can read it.”

『噢,真方便』,你自言自语道,『这防病毒软件还给了个链接,让我能直接打开它。』

And then you click on it and your hard drive gets reformatted.

然后你点了一下链接,你的硬盘就被格掉了。

“So why don’t you add a NIF_PARSELINKS flag, so people who want to enable hotlinks in their balloon tips can do so, and still remain compatible with people who wrote to the old API?”

『那为什么不增加NIF_PARSELINKS这个flag,让想启用超链接功能的人可以达到目的,同时还保持与旧版API的兼容性呢?』

(I’ve heard of one person trying to pass a TTF_PARSELINKS flag in the NOTIFYICONDATA.uFlags member and wondering why it wasn’t working. I hope it’s obvious to everybody why this had no chance of working.)

(我听说过有人尝试向NOTIFYICONDATA.uFlags成员传入TTF_PARSELINKS的flag,还奇怪为什么不管用。在这里我希望所有人都能明白为什么不可能管用。)

Because that would just be passing the buck. Anybody who used this proposed flag would then have to be extra-careful not to put untrusted links in their balloon tips. Most people would just say, “Wow! A new flag! That’s awesome!” and start using it without considering the serious security implications. Then somebody can trick the program into putting untrusted text into a balloon tip and thereby exploit the security hole.

因为那样做等于推卸责任。要去使用这个flag的人现在需要格外小心不要在气泡通知里放置不可信的超链接了,然鹅大多数人只会欢呼『哇,新flag,好耶!』,然后在对严重的安全隐患毫无考虑的情况下开始使用这个新flag。接下来,别有用心的人就会想办法让程序弹出带有不可信的内容的气泡通知,进而促成了一个安全漏洞。

“Aw, come on, who would be so stupid as to write code without considering all the security implications?”

『哎呀,别闹了,有谁会那么傻去写对安全隐患考虑不周全的代码啊?』

I hope that was a joke question.

这种问题最好是在开玩笑。

The best way to make sure things are secure is to make it impossible to be insecure.

确保安全的最好方式,就是使其不可能不安全。

发表评论

电子邮件地址不会被公开。 必填项已用*标注

 剩余字数 ( Characters available )

注:请不要在评论中插入任何链接,否则将自动被识别为垃圾评论,博主将完全看不到。

Notice: please DO NOT add any links in your comment, otherwise it would be identified as SPAM automatically.

*