W3C home > Mailing lists > Public > www-validator-css@w3.org > March 2003

Re: [FEATURE REQ] warning on floats with no width (was Re: [WD]: CSS Layout problem)

From: Philippe Le Hegaret <plh@w3.org>
Date: 24 Mar 2003 17:27:10 -0500
To: Paul Arzul <patricka@mkdoc.com>
Cc: www-validator-css@w3.org
Message-Id: <1048544830.7786.139.camel@jfouffa.w3.org>

On Wed, 2003-03-12 at 07:29, Paul Arzul wrote:
> unescaped html in "Valid CSS informations" is a potential security issue.
> 
> simple test case[1]:
> 
> body:before
> {
>    content: "<script>alert('Hello World')</script>";
> }

This bug has been added in the bugzilla database:
http://www.w3.org/Bugs/Public/show_bug.cgi?id=145

> Paul Arzul wrote:
> > 
> > a:before
> > {
> >   content: "<b>bold</b>";
> > }
> > 
> > validates fine - but the validator generated html produced is:
> > 
> > <b>bold</b>
> > 
> > when it should[1] be:
> > 
> > &lt;b&gt;bold&lt;/b&gt;

I believe this is the same bug.

Philippe
Received on Monday, 24 March 2003 17:27:16 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 27 June 2012 00:14:11 GMT