

A short subject to increase the amount of code to run



A short bit of text in the body so that the code isn't treated as quoted text



And your code



I was recently attempting to mail some JavaScript code from my Yahoo account to my Gmail when I came across this vulnerability. Apparently JavaScript will run if it is within the preview of the message. I only tested this sending from a Yahoo account. Sending Gmail to Gmail appears to filter this out.

This is what the message has to be composed of.

My simple test was: Subject: a Body: asdfasdf alert("asdF");

Here is the screen:

Last time I killed my friend's server, so I uploaded it to Flickr instead.

This vulnerability could be used to gather email addresses, or even possibly to compromise the account.
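For defenders, the class of bug described above comes from placing message text into the inbox preview markup without output encoding. The following is an added example, not code from the original post or from any mail provider; the function names, the 60-character preview length and the sample message (including its script tags) are assumptions made for illustration.

```javascript
// Added example: hypothetical inbox-preview renderer, not any provider's code.
const PREVIEW_LEN = 60; // assumed preview length

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Unsafe: message text is concatenated into markup as-is, so any tag
// in the subject or body becomes part of the inbox page.
function renderPreviewUnsafe(msg) {
  const snippet = (msg.subject + ' - ' + msg.body).slice(0, PREVIEW_LEN);
  return '<span class="preview">' + snippet + '</span>';
}

// Hardened: collapse whitespace, truncate the raw text, then escape.
// Escaping before truncating could cut an entity such as "&lt;" in half.
function renderPreviewSafe(msg) {
  const raw = (msg.subject + ' - ' + msg.body).replace(/\s+/g, ' ').trim();
  const snippet = raw.slice(0, PREVIEW_LEN);
  return '<span class="preview">' + escapeHtml(snippet) + '</span>';
}

// Constructed sample modelled on the test message in the post; the
// script tags are an assumption about what the original body contained.
const sampleMessage = {
  subject: 'a',
  body: 'asdfasdf <script>alert("asdF");</script>',
};

console.log(renderPreviewUnsafe(sampleMessage)); // markup reaches the page intact
console.log(renderPreviewSafe(sampleMessage));   // markup is shown as inert text
```
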