Re: Yahoo issues
Posted: Thu Apr 23, 2009 4:52 am
One other option, a bit lengthier, though safer lock-down:therube wrote:(Just to note, that in order to upload an attachment <at least in Yahoo Mail Classic>, you need to have either Forbid <IFRAME> or Apply these restrictions to trusted sites too, unchecked.)
Browse to your desired attachments in the usual way.
Click "Attach". Note that nothing happens -- the "page-loading" bar in the lower-right disappears.
Open NS menu > Blocked objects > several will show. The one that has a NoScript-type logo (not the Flash logos, you don't need those) and is something like
*@http://attach.xxx.mail.yahoo.com needs to be allowed. The "xxx" is sometimes "mud", sometimes some other three alpha-numerics. No matter.
Reload the page, and click "OK" when prompted.
You can now click "Attach", and everything will attach fine for the length of that session with Yahoo.
This is more cumbersome, but less risky than removing all restrictions on trusted sites or allowing all iFrames (which could include third-party advertisers that you might not want or trust). Then again, I'm security-paranoid
I, and others, have requested a way to allow such sub-objects permanently, especially on a per-site basis. Giorgio has a to-do list longer than that of the United Nations, so please be patient and use whichever of these workarounds you prefer.
I have also asked Yahoo Customer Care to reconsider their fairly recent change to requiring iFrames for attachments, pointing out the security risk. Their mail worked fine for years without it. No guarantees, but this squeaky wheel has gotten the grease (results) from outfits as large as Microsoft, so maybe if everyone else e-mails them with the same request...
.)