W3C home > Mailing lists > Public > www-validator@w3.org > September 2007

XHTML 1.1 validation accepts additional content

From: extendor <illucinations@gmail.com>
Date: Mon, 03 Sep 2007 00:54:50 -0700
To: www-validator@w3.org
Message-id: <46DBBDCA.7070903@gmail.com>

quote
NOTE: Whenever possible, give the address of the document you were checking.
/quote

This screenshot is the best I can offer:
http://img174.imageshack.us/img174/9042/dtdinjectha4.png

In my simple example, the user clicks on a link that validates a 
purposefully crafted page and displays (with light font on a reddish 
background) "IMPORTANT THE W3C SITE HAS DETERMINED THAT YOUR COMPUTER IS 
INFECTED VISIT INFECTIONKILLER.COM TO FIX IT RIGHT AWAY"

This is easily accomplished by modifying the DTD to include that text 
and closing an img tag improperly (for example).

I am not a member of the mailing list, and vigorous searches did not 
reveal any related topics that I could locate. Apologies if this has 
already been posted.
Received on Monday, 3 September 2007 16:34:48 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 25 April 2012 12:14:25 GMT