This literally caused me to have a bad taste in my mouth when I was in high school:<p>My yearbook advisor sent yahoo mail and asked what I would like to be picked up at Starbucks for an early morning meeting the next day.<p>"Caramel Mocha, thank you!", I replied.<p>The next morning, I was surprised with an undrinkable "Caramel espresso" - an espresso with a pump of caramel syrup. I thought she had made an innocent mistake and was shocked to see there was in fact a difference between my sent text and her received text. I had no explanation.<p>After some years in web dev, and encountering this article, I realized that, as the precursor to javascript - the script type "mocha" was valid, so yahoo just went ahead and replaced all references to mocha with something that probably seemed innocuous to a junior developer - except it wasn't.
Tangent related to this. I had an old yahoo mail address from late 90s till mid 00s before I switched to gmail. Lots of family / high school / college / early professional emails were there.<p>The other month I logged in to view them as I do every so often and yahoo had purged the entire archive. Like 20MB worth of emails gone.<p>Apparently they have a policy if you do not log in in a year of time they will delete everything with no way to recover.<p>I can’t imagine the decision making to put this policy in nor could I ever imagine using yahoo email again for any purpose whatsoever.
This is very funny. At least one of the resulting words is sufficiently attested to have been recorded by Wiktionary.<p><a href="https://en.wiktionary.org/wiki/medireview" rel="nofollow">https://en.wiktionary.org/wiki/medireview</a><p>> Etymology: Coined accidentally by Yahoo! Mail in 2001, from medieval by automated string substitution of review for eval, a Javascript command short for evaluate.
I remember sending fake Yahoo login forms as html attachments. eval() & alert() fix:<p>`const ev = 'ev', al = 'al', ert = 'ert'; window[ev + al](window[al + ert]('hi'))`
Yahoo's latest tactic is just to insist on complete DMARC alignment to even stand a chance of being delivered. We have no problems with pretty much any other provider apart from them. And of course, they won't help you understand what is wrong with a particular message and how to avoid spam traps because "that would help phishing", which of course is patently nonsense since GMail pretty much tell you how to keep you mail acceptable.
Here's a contemporary site where the users discuss their confusion.<p>"When did "Medireview" = Medieval???"<p><a href="https://www.enworld.org/threads/when-did-medireview-medieval.4600/" rel="nofollow">https://www.enworld.org/threads/when-did-medireview-medieval...</a>
I get not wanting to forward JS in email messages onto your customers whose browsers will run it and forward your login cookies to criminals.<p>I do not get thinking that replacing the word "eval" with "review" is a solution to that problem.
Almost completely OT, but reminds me of a company I used to write for who for reasons decided that we weren't authors any more, but writers. Somebody did a find n replace on the documentation which lead to some interesting constructions like "if a piece has been writered by multiple writers..."
Content modification usually leads to vulns (e.g, XSS filters, possible bitsquatting enabled here if they change URLs or breaking array bounds checks in programs). Classic 90s security. Too bad 90s security never went away.
Dumb user question: Why is this URL redirecting to <a href="https://" rel="nofollow">https://</a> from <a href="http://" rel="nofollow">http://</a>
Obligatory Tom Scott video on the Scunthorpe problem<p><a href="https://www.youtube.com/watch?v=CcZdwX4noCE" rel="nofollow">https://www.youtube.com/watch?v=CcZdwX4noCE</a>