TONT 40483 为什么不能在气泡通知里放超链接?



The short answer: “Because there is no NIF_PARSELINKS flag.”


The long answer:


When balloon tips were first developed, there was no ability to embed links. Consequently, programs were free to put insecure text in balloon tips, since there was no risk that they would become “live”. So, for example, a virus scanner might say “The document ‘XYZ’ has been scanned and found to be free of viruses.”


Now suppose hotlinks were supported in balloon tips. Look at how this can be exploited: I can write a web page that goes


<TITLE>&lt;A HREF=”file:C:\Windows\system32\”&gt;Party plans&lt;/A&gt;</TITLE>

I then rename the file to “Party plans.html”, attach it to some email, and send it to you.

然后我把这个文件改名叫『Party plans.html』(译注:文件名字面意思为:派对计划),把它塞进邮件的附件里,然后发给你。

You download the message and since you are a cautious person, you ask your virus scanner to check it out. The balloon appears:


(译注:扫描完成:文件 ‘Party plans‘ 扫描完毕,没有发现已知的病毒。)

“Oh, how convenient,” you say to yourself. “The virus scanner even included a hotlink to the document so I can read it.”


And then you click on it and your hard drive gets reformatted.


“So why don’t you add a NIF_PARSELINKS flag, so people who want to enable hotlinks in their balloon tips can do so, and still remain compatible with people who wrote to the old API?”


(I’ve heard of one person trying to pass a TTF_PARSELINKS flag in the NOTIFYICONDATA.uFlags member and wondering why it wasn’t working. I hope it’s obvious to everybody why this had no chance of working.)


Because that would just be passing the buck. Anybody who used this proposed flag would then have to be extra-careful not to put untrusted links in their balloon tips. Most people would just say, “Wow! A new flag! That’s awesome!” and start using it without considering the serious security implications. Then somebody can trick the program into putting untrusted text into a balloon tip and thereby exploit the security hole.


“Aw, come on, who would be so stupid as to write code without considering all the security implications?”


I hope that was a joke question.


The best way to make sure things are secure is to make it impossible to be insecure.



电子邮件地址不会被公开。 必填项已用*标注

 剩余字数 ( Characters available )


Notice: please DO NOT add any links in your comment, otherwise it would be identified as SPAM automatically.