document.close() in document.write() from Henri Sivonen on 2008-11-19 (public-html@w3.org from November 2008)

From: Henri Sivonen <hsivonen@iki.fi>
Date: Wed, 19 Nov 2008 13:24:12 +0200
To: HTML WG <public-html@w3.org>
Message-Id: <824FE395-02AC-48A7-B274-F8B8A4842362@iki.fi>

Consider (warning: test case freezes IE8 beta2 if XSS filter by-passed):
http://software.hixie.ch/utilities/js/live-dom-viewer/?%3C!DOCTYPE%20html%3E%0A%3Cscript%3Edocument.write(%22%3Cscript%3Edocument.write(%27a%27)%3Bdocument.close()%3B%3C%5C%2Fscript%3EEND%22)%3B%3C%2Fscript%3E

Compare with:
http://www.whatwg.org/specs/web-apps/current-work/#dom-document-close

document.close() in Gecko/WebKit/Opera does not insert an explicit EOF  
at insertion point. Instead, it marks the parser stream as no longer  
accepting more writes, but previously written pending data is still  
tokenized.

-- 
Henri Sivonen
hsivonen@iki.fi
http://hsivonen.iki.fi/

Received on Wednesday, 19 November 2008 11:24:53 UTC