{"id":40483,"date":"2004-02-25T07:36:00","date_gmt":"2004-02-25T07:36:00","guid":{"rendered":"https:\/\/blogs.msdn.microsoft.com\/oldnewthing\/2004\/02\/25\/why-cant-i-put-hotlinks-in-notification-icon-balloon-tips\/"},"modified":"2004-02-25T07:36:00","modified_gmt":"2004-02-25T07:36:00","slug":"why-cant-i-put-hotlinks-in-notification-icon-balloon-tips","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20040225-00\/?p=40483","title":{"rendered":"Why can&#039;t I put hotlinks in notification icon balloon tips?"},"content":{"rendered":"<p>The short answer: &#8220;Because there is no NIF_PARSELINKS flag.&#8221;<\/p>\n<p>\nThe long answer:\n<\/p>\n<p>\nWhen balloon tips were first developed, there was no ability\nto embed links.\nConsequently, programs were free to put insecure text in balloon tips,\nsince there was no risk that they would become &#8220;live&#8221;.\nSo, for example, a virus scanner might say\n&#8220;The document &#8216;XYZ&#8217; has been scanned and found to be\nfree of viruses.&#8221;\n<\/p>\n<p>\nNow suppose hotlinks were supported in balloon tips.\nLook at how this can be exploited:\nI can write a web page that goes<\/p>\n<pre>\n&lt;TITLE&gt;&amp;lt;A HREF=\"file:C:\\Windows\\system32\\format.com?C:\"&amp;gt;\nParty plans&amp;lt;\/A&amp;gt;&lt;\/TITLE&gt;\n<\/pre>\n<p>I then rename the file to &#8220;Party plans.html&#8221;,\nattach it to some email, and send it to you.\n<\/p>\n<p>\nYou download the message and since you are a cautious person,\nyou ask your virus scanner to check it out.\nThe balloon appears:\n<\/p>\n<table BORDER=\"0\" STYLE=\"background: #FFFFE1;color: black;border: black solid 1px\">\n<tr>\n<td>\n<b>Virus scan complete<\/b>\n<\/td>\n<td ALIGN=\"right\">&times;<\/td>\n<\/tr>\n<tr>\n<td COLSPAN=\"2\">\nThe document &#8216;<u>Party plans<\/u>&#8217; has been scanned<br \/>\nand found to be free of known viruses.\n<\/td>\n<\/tr>\n<\/table>\n<p>\n&#8220;Oh, how convenient,&#8221; you say 
to yourself.\n&#8220;The virus scanner even included a hotlink to the document\nso I can read it.&#8221;\n<\/p>\n<p>\nAnd then you click on it and your hard drive gets reformatted.\n<\/p>\n<p>\n&#8220;So why don&#8217;t you add a NIF_PARSELINKS flag, so people\nwho want to enable hotlinks in their balloon tips can do so,\nand still remain compatible with people who wrote to the old API?&#8221;\n<\/p>\n<p>\n(I&#8217;ve heard of one person trying to pass a TTF_PARSELINKS flag\nin the\n<a HREF=\"http:\/\/msdn.microsoft.com\/library\/en-us\/shellcc\/platform\/shell\/reference\/structures\/notifyicondata.asp\">NOTIFYICONDATA<\/a>.uFlags\nmember and wondering why it wasn&#8217;t\nworking. I hope it&#8217;s obvious to everybody why this had no chance\nof working.)\n<\/p>\n<p>\nBecause that would just be passing the buck.\nAnybody who used this proposed flag would then have to\nbe extra-careful not to put untrusted links in their balloon\ntips.  Most people would just say, &#8220;Wow! A new flag!\nThat&#8217;s awesome!&#8221; and start using it without considering\nthe serious security implications.\nThen somebody can trick the program into putting untrusted\ntext into a balloon tip and thereby exploit the security hole.\n<\/p>\n<p>\n&#8220;Aw, come on, who would be so stupid as to write code without\nconsidering all the security implications?&#8221;\n<\/p>\n<p>I hope that was a joke question.<\/p>\n<p>\nThe best way to make sure things are secure is to make it\nimpossible to be insecure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The short answer: &#8220;Because there is no NIF_PARSELINKS flag.&#8221; The long answer: When balloon tips were first developed, there was no ability to embed links. Consequently, programs were free to put insecure text in balloon tips, since there was no risk that they would become &#8220;live&#8221;. 
So, for example, a virus scanner might say &#8220;The [&hellip;]<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[2],"class_list":["post-40483","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing","tag-history"],"acf":[],"blog_post_summary":"<p>The short answer: &#8220;Because there is no NIF_PARSELINKS flag.&#8221; The long answer: When balloon tips were first developed, there was no ability to embed links. Consequently, programs were free to put insecure text in balloon tips, since there was no risk that they would become &#8220;live&#8221;. So, for example, a virus scanner might say &#8220;The [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/40483","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=40483"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/40483\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=40483"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=40483"},{"taxonomy":"post_tag","embeddable":true,"href":"ht
tps:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=40483"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}