Serious privacy leak in Python for Windows

Mark Hammond mhammond at
Wed Jan 16 00:54:09 EST 2002

Don Tuttle wrote:

> "Mark Hammond"
>>So, rather than to fix this hole, I think the best solution is to
>>disable "safe" scripting by the Python Scripting engine.  This will mean
>>ASP, WSH etc. will continue to work, but IE will refuse to execute the
> Not quite sure what you mean.  I found that disabling "Scipt ActiveX
> controls marked safe for scripting" has no effect in IE6.  The test page
> still works.
> It took disabling "Scripting:Active Scripting" to keep IE from running the
> web page's code.  This stops all scripting, not just Python.

I meant for the ActiveScripting engine to be changed to disable the 
support.  Until the new version is out, all you can reasonably do is 
disable Python completely by running the "--unregister" command.


More information about the Python-list mailing list