[hackmeeting] Yahoo's Seven Word Fragments You Can't Say In Email

[Nico]

Nice  to  see,  in  the  midst  of all these scandals, Yahoo turning a
healthy  profit.  But  as  other companies fiddle the figures, Yahoo's
been busy instead with fiddling its own users' private correspondence.
In  a  fantastically  clumsy  attempt  to prevent cross-site scripting
attacks,  the  free  e-mail  wing of the sprawling giant has long been
replacing  complete English words in the text of HTML mail sent to its
users.  Mention  "mocha" in an HTML mail to a friend with a @yahoo.com
account,  and  your  choice  in  coffee  will  be silently switched to
"espresso".  Talk  about  "free  expression",  and your recipient will
think you said "free statement".

Here's the full list of swaperoos:

Yahoo's Seven Word Fragments You Can't Say In Email
===================================================

eval       => review
mocha      => espresso
expression => statement
javascript => java-script
jscript    => j-script
vbscript   => vb-script
livescript => live-script

Yahoo's hack doesn't respect word boundaries: so evaluate would become
reviewuate, retrieval becomes retrireview.

There are also a few tags that are verboten:

link   => xlink
script => cursive
object => xobject
embed  => xembed
body   => xbody
iframe => xframe
layer  => xlayer
applet => xapplet
meta   => xmeta
form   => xform

See http://www.ntk.net/2002/07/12/ for more details.

-- 
Un saludo,
 Nico