
Re: Security Markup

From: Orion Adrian <orion.adrian@gmail.com>
Date: Mon, 21 Aug 2006 08:55:35 -0400
Message-ID: <abd6c8010608210555l28a42e3eua6083e42995df3ac@mail.gmail.com>
To: "HTML Mailing List" <www-html@w3.org>

On 8/21/06, Kornel Lesinski <kornel@osiolki.net> wrote:
>
>
> > <div id="comment123"  nocode="true">
>
> I'm afraid that this would be too easy to bypass:
>
> <div id="comment123"  nocode="true">
>         $comment
> </div>
>
> $comment = '</div><script ...';

Not if you required the comments to be well-formed by themselves.

-- 

Orion Adrian
Received on Monday, 21 August 2006 12:55:45 GMT
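
Added example, not part of the original message: one way to apply the "well-formed by themselves" requirement from the reply above before a comment is placed in the `nocode` div. It assumes comments are XML-style (XHTML) markup; the function names are hypothetical, and `nocode` is the attribute proposed in the thread, not an implemented feature.

```python
import xml.parsers.expat


def is_well_formed_fragment(fragment: str) -> bool:
    """True if `fragment` is well-formed by itself (every tag opened and closed inside it)."""
    parser = xml.parsers.expat.ParserCreate()
    try:
        # A synthetic root admits text and sibling elements. A stray end tag is a
        # mismatch error, and closing the root early leaves a second root element,
        # which is also an error. A DOCTYPE is not allowed inside an element, so
        # the fragment cannot declare entities either.
        parser.Parse("<fragment>" + fragment + "</fragment>", True)
    except (xml.parsers.expat.ExpatError, ValueError):  # ValueError: unencodable text
        return False
    return True


def embed_comment(comment_id: str, comment: str) -> str:
    """Wrap a user comment in the container from the thread, rejecting unbalanced markup."""
    if not comment_id.isalnum():  # assumption: ids are server-generated alphanumerics
        raise ValueError("unexpected comment id")
    if not is_well_formed_fragment(comment):
        raise ValueError("comment is not well-formed by itself")
    return f'<div id="{comment_id}" nocode="true">\n{comment}\n</div>'


# Constructed sample inputs; the second is the string quoted in the thread.
SAMPLES = [
    "Nice <em>post</em>!",
    "</div><script ...",
    "<b>unclosed",
    "</fragment><fragment>",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", is_well_formed_fragment(s))
```

The check only guarantees that a comment cannot close the enclosing div; what is allowed to run inside that div is still left to the proposed attribute.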
