- From: Lachlan Hunt <lachlan.hunt@lachy.id.au>
- Date: Mon, 23 Jan 2006 13:50:28 +1100
Ian Hickson wrote:
> Imagine that the page contains the following:
>
>    ...
>    <!--
>      <script> hostileScript(): </script>
>    -->
>    ...
>
> ...where "hostileScript()" is some script that does something bad.
>
> A DOS attack on the server could cause the transmitted text to be:
>
>    ...
>    <!--
>      <script> hostileScript(): </script>
>
> ...which, if we re-parse the content upon hitting EOF with an open
> comment, would cause the script to be executed.

I don't understand these security concerns. How is reparsing it after reaching EOF any different from someone writing exactly the same script without opening a comment before it? Won't the script be executed in exactly the same way in both cases?

However, don't take this as support for choosing to reparse it. I don't like the concept of doing that at all for other reasons; I just don't understand this security concern.

-- 
Lachlan Hunt
http://lachy.id.au/
Received on Sunday, 22 January 2006 18:50:28 UTC
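
The two end-of-file behaviours discussed in this message, as an added example that is not part of the original thread: a minimal scanner (not a real HTML parser) that reports which `<script>` bodies would be treated as live under each behaviour. The function name, the policy names and the three sample pages are assumptions constructed for illustration.

```javascript
// Added illustration, not code from the thread. Names are hypothetical.
// Constructed sample pages based on the snippets quoted in the message.
const FULL = "...\n<!--\n  <script> hostileScript(): </script>\n-->\n...";
const TRUNCATED = "...\n<!--\n  <script> hostileScript(): </script>\n";
const UNCOMMENTED = "...\n<script> hostileScript(): </script>\n...";

// Returns the bodies of <script> elements that lie outside any comment.
// eofPolicy decides what happens when "<!--" has no matching "-->":
//   "comment-to-eof": everything up to end of input stays comment data
//   "reparse":        "<!--" is treated as text and parsing resumes after it
function liveScripts(html, eofPolicy) {
  const scripts = [];
  let i = 0;
  while (i < html.length) {
    if (html.startsWith("<!--", i)) {
      const close = html.indexOf("-->", i + 4);
      if (close !== -1) { i = close + 3; continue; } // well-formed comment
      if (eofPolicy === "comment-to-eof") break;     // rest is inert
      i += 4;                                        // reparse the remainder
      continue;
    }
    if (html.startsWith("<script>", i)) {
      const close = html.indexOf("</script>", i + 8);
      if (close === -1) break;                       // unterminated: not counted
      scripts.push(html.slice(i + 8, close).trim());
      i = close + 9;
      continue;
    }
    i++;
  }
  return scripts;
}

// Tabulates every sample under both policies.
function compare() {
  const rows = {};
  for (const [name, page] of Object.entries({ FULL, TRUNCATED, UNCOMMENTED })) {
    rows[name] = {
      reparse: liveScripts(page, "reparse"),
      commentToEof: liveScripts(page, "comment-to-eof"),
    };
  }
  return rows;
}

console.log(JSON.stringify(compare(), null, 2));
```

Only the truncated page gives a different result under the two policies; the complete page and the page with no comment behave identically under both.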