View Single Post
Old 26th August 2004, 12:30   #24
Passionately Apathetic
CraigF's Avatar
Join Date: May 2000
Location: Hell
Posts: 5,436
while i have discussed the same with the previous developers, the general concensus is that you are simply working around the fact that IE is insecure in itself. You are also preventing much of what the <browser> tag was originally included for.

Classic skin files will only unzip those extensions it knows it requires, and are safe. I havent had time to look at the fix included within 5.05, but I do not assume this to be the same, and rather, as you have pointed out, just a "dont unzip this known BAD filetype". So with that regard, I agree with you. It would be far better to actually only unzip known safe files, than to unzip the other way around (assuming this isnt the case).

CraigF is offline   Reply With Quote