W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > February 2011

[Bug 11668] Make the following note into a security warning: "It is possible that the output of this algorithm, if parsed with an HTML parser, will not return the original tree structure." and add an example of an attack (ack Eduardo Vela Nava)

From: <bugzilla@jessica.w3.org>
Date: Mon, 07 Feb 2011 22:34:51 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1PmZfX-0003Zn-B8@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11668

--- Comment #3 from contributor@whatwg.org 2011-02-07 22:34:50 UTC ---
Checked in as WHATWG revision r5839.
Check-in comment: Raise the profile of a note to the level of a warning, since
what it is talking about could result in XSS.
http://html5.org/tools/web-apps-tracker?from=5838&to=5839

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Monday, 7 February 2011 22:34:53 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 February 2011 22:34:55 GMT