FP: FrontPage Save Results Forms Altered By Web Browsers (165347)



The information in this article applies to:

  • Microsoft FrontPage 97 for Windows with Bonus Pack
  • Microsoft FrontPage for Windows 1.1
  • Microsoft FrontPage for the Macintosh 1.0

This article was previously published under Q165347

SYMPTOMS

If a FrontPage WebBot Save Results Component is set up to save results to a publicly viewable location, the Web browser may append spurious content to pages within the web.

CAUSE

The FrontPage Server Extensions enable you to write HyperText Markup Language (HTML) code from the Web browser into a form and also allows the Web server to accurately evaluate the HTML.

RESOLUTION

To correct this problem, obtain the updated version of the FrontPage Server Extensions. You can download the updated FrontPage Server Extensions from the following Microsoft web site: The updated FrontPage Server Extensions will quote all HTML constructions so that they appear exactly as you typed them rather than being evaluated as HTML.

STATUS

Microsoft has confirmed this to be a problem in the Microsoft FrontPage Server Extensions version 2.0.2.1112. This problem was corrected in Microsoft FrontPage Server Extensions version 2.0.3.209.

MORE INFORMATION

The revised version of the FrontPage Server Extensions will convert valid Uniform Resource Locators (URLs) into hyperlinks. The updated FrontPage Server Extensions will not allow HTML tags in any feedback form. Instead, the FrontPage Server Extensions will convert the HTML tags into the corresponding character entities that represent the code. For example, the less than sign (<) will be converted to < and the greater than sign (>) will be converted to >. This allows you to enter the HTML code into the feedback form. When you browse the form, the code will appear exactly as you typed it when you filled out the feedback form.

Any Web site that uses the FrontPage Server Extensions and where the results from a WebBot Discussion, WebBot Confirmation, or WebBot Save Results component are saved to a public HTML page, such as a guest book, can be compromised by a browser with a knowledge of the way FrontPage WebBot components work. For example, if you are browsing a web site, and you know the file names of the pages in the Web, you can alter the WebBot Save Results component that appends content to the known file.

Modification Type:MinorLast Reviewed:3/16/2005
Keywords:kbprb kbusage KB165347