
[Bug 11668] New: Make the following note into a security warning: "It is possible that the output of this algorithm, if parsed with an HTML parser, will not return the original tree structure." and add an example of an attack (ack Eduardo Vela Nava)

From: <bugzilla@jessica.w3.org>
Date: Tue, 04 Jan 2011 21:54:48 +0000
To: public-html@w3.org
Message-ID: <bug-11668-2495@http.www.w3.org/Bugs/Public/>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11668

           Summary: Make the following note into a security warning: "It
                    is possible that the output of this algorithm, if
                    parsed with an HTML parser, will not return the
                    original tree structure." and add an example of an
                    attack (ack Eduardo Vela Nava)
           Product: HTML WG
           Version: unspecified
          Platform: Other
               URL: http://www.whatwg.org/specs/web-apps/current-work/#serializing-html-fragments
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P3
         Component: HTML5 spec (editor: Ian Hickson)
        AssignedTo: ian@hixie.ch
        ReportedBy: contributor@whatwg.org
         QAContact: public-html-bugzilla@w3.org
                CC: ian@hixie.ch, mike@w3.org,
                    public-html-wg-issue-tracking@w3.org,
                    public-html@w3.org


Specification:
http://www.whatwg.org/specs/web-apps/current-work/complete/the-end.html
Section:
http://www.whatwg.org/specs/web-apps/current-work/#serializing-html-fragments

Comment:
Make the following note into a security warning: "It is possible that the
output of this algorithm, if parsed with an HTML parser, will not return the
original tree structure." and add an example of an attack (ack Eduardo Vela
Nava)

Posted from: 216.239.45.4 by ian@hixie.ch

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
Received on Tuesday, 4 January 2011 21:57:59 GMT
