I noticed a typo in a site spinner tip of the day. I figured you'd want to pass it on to the designers for future generations.

Here is the tip of the day - the typo is "Slected" instead of selected.

You can quickly open the text editor for a slected text object by pressing the ENTER key. Pressing ALT+ENTER will close the text editor.

Thanks

Mick

Thanks Mick. We will make sure that gets corrected.

Here is an interesting article on the potential drawbacks with the "mailto:" method...
http://www.isolani.co.uk/articles/mailto.html

Thanks Gvp -- interesting article. I have seen something like this before. It makes this assertion which I have also seen before:

quote:

Microsoft's Internet Explorer when used with Outlook Express does produce the remarkable effect of sending the contents of the form via email to the address suggested in the form tag. Which is good for the newbie web-designer - Melissa and Love Bug worm-authors are equally happy with this close relationship between the browser and mail reader. This affinity is thus a good thing, and a serious fundamental security flaw.

I agree that having email addresses plainly in your html page is a security issue -- they can be harvested by spammers. But if you obscure the email addresses, is there still a security issue?

User fills out a form on your webpage. Your code then sets up an email, passes it to user's email client which in turn then sends it to you. How can this process be exploited by "Melissa and Love Bug worm-authors"

Of course, as the article points out, there are major issues with the practicalities of reliably sending the email. For this reason, a server-side script is the way to go.

If there is indeed a security issue as alleged, does this also apply to the simple mailto links (without forms) that are built right into SiteSpinner? Aside from the spam risk, (which can be sidestepped), is there any other security problem that should preclude us from using simple mailto links?

no matter where you put you email, it can be harvested... even by just posting your email address on a forum like myname@mydomain.com can be harvested, alot of people on alot of forums will always post it like his myname[at]mydomain.com so it deosn't get harvested.
But don't worry about putting emails in the forums myspace as all that is stored in databases and in server side scripts, making it completely safe.

Although i do highly reccomend if you ever post your email on a forum to post it like "myname[at]mydomain.com"

ok, that seems a tad off topic, but i wanted to point it out all the same, and it proves thos damn spiders are everywhere. They are very similar to the spiders that google use though. so.... hmm, i leave you to think abou that.

Bruceee,

I think the security vulnerability is when dubious "mailto:" links are presented to the user - probably delivered via spam. ("Click here for details" ... yeah, right) I can't see how from a security viewpoint, mailto's produced by SiteSpinner would pose any threat or risk.

Also, its worth noting that email obfuscation is fairly easy to "crack" - damn spiders are getting more devious every day! The difficulty with trying to obscure something is that ultimately the user's browser still has to be able to un-obscure it to work - and if the browser can do it, so can a human.

Of course, its easy to get carried away with all this. If I'm running a financial site dealing with peoples money and personal details, I'd better make damn sure that security is tight. If I'm merely asking people to join my 'Curry of the Week' newsletter, its probably not too big of a deal!

Interesting stuff! (Oh, and by the way, it's Chicken Madras )

quote:

a financial site dealing with peoples money

Make sure to read about security certificates then. (they make the url bar go yellow).I don't know much about them though.
Just a thought