W3C home > Mailing lists > Public > www-html@w3.org > August 2006

Re: Security Markup

From: Orion Adrian <orion.adrian@gmail.com>
Date: Mon, 21 Aug 2006 08:55:35 -0400
Message-ID: <abd6c8010608210555l28a42e3eua6083e42995df3ac@mail.gmail.com>
To: "HTML Mailing List" <www-html@w3.org>


On 8/21/06, Kornel Lesinski <kornel@osiolki.net> wrote:
>
>
> > <div id="comment123"  nocode="true">
>
> I'm afraid that this would be too easy to bypass:
>
> <div id="comment123"  nocode="true">
>         $comment
> </div>
>
> $comment = '</div><script ...';

Not if you required the comments to be well-formed by themselves.

-- 

Orion Adrian

Received on Monday, 21 August 2006 12:55:45 GMT

This message: [ Message body ]
Next message: Ahmed Saad: "Re: Security Markup"
Previous message: Mark Birbeck: "Re: Security Markup"
Maybe in reply to: Ahmed Saad: "Security Markup"
Next in thread: Bjoern Hoehrmann: "Re: Security Markup"
Reply: Bjoern Hoehrmann: "Re: Security Markup"

Mail actions: [ respond to this message ] [ mail a new topic ]
Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
Help: [ How to use the archives ] [ Search in the archives ]

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:49:41 GMT