 |  |  | ||||||||||
 |  | |  | |  | |  | |  | | ||
07/13/2002 "Yahoo Mail Text Swapping" It's nice to see that Yahoo is turning a healthy profit. Unfortunately, instead of cooking their books, Yahoo has been cooking their own users' private correspondence. Yahoo, understandably, fears something called a "cross-site scripting attack" where a malicious user can insert a javascript into their HTML e-mail that might, for example, spawn a million new e-mails when the mail server processes it. That would be bad. To prevent this, Yahoo runs a kind of spell-check on all it's HTML e-mail that replaces javascript command words in the text of the mail sent to its users. This word swapping has been going on since at least March 2001, but because Yahoo isn't up front about it's practices, very few people have spotted the swapping. This has resulted in widespread information damage. For example, the word "medieval" (which contains the javascript command "eval") is converted in Yahoo mail to "medireview". University papers, bibliographies, book reviews, newspaper columnists, and endless enthusiast sites drop this Yahoo-changed content unseen into texts. Google now shows over 640 sites (and 1,150 separate instances) of the word "medireview" being used in lieu of the word "medieval." Web authors really should proofread their content. Also, readers have begun to ask where these words originally came from. I'd wonder why an author used the word medireview, too. Does this new, odd word have a subtler meaning beyond "medieval?" I'd say yes! It means Yahoo hasn't taken the time to construct a very good filtering script.
For a list of Yahoo's swapped words:
I guess Yahoo likes to object xobject to freedom of expression statement.
|  |
|
|
|
| Home | Contact | Portfolio | Web Log | Features |
|
|
|