- From: Daniel Veditz <dveditz@cruzio.com>
- Date: Sun, 22 Jan 2006 19:21:04 -0800
Lachlan Hunt wrote:
> Ian Hickson wrote:
>> A DOS attack on the server could cause the transmitted text to be:
>>
>>    ...
>>    <!--
>>    <script> hostileScript(): </script>
>>
>> ...which, if we re-parse the content upon hitting EOF with an open
>> comment, would cause the script to be executed.
>
> I don't understand these security concerns. How is reparsing it after
> reaching EOF any different from someone writing exactly the same script
> without opening a comment before it? Won't the script be executed in
> exactly the same way in both cases?

We're assuming the web app is not going to allow anyone to write the plain
<script> tags--a clear XSS risk--and that if it did allow comments it might
not sanitize their contents, assuming them to be "safe".
Received on Sunday, 22 January 2006 19:21:04 UTC
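The scenario discussed in this message, as an added example that is not part of the original thread: a toy model comparing two ways a parser can handle EOF inside an open comment when the response is cut off before `-->`. The names `appFilter`, `executedScripts` and the two policy strings are hypothetical, and the input is constructed.

```javascript
// Toy model (added example): not a real HTML parser or sanitizer.
const COMMENT = /<!--[\s\S]*?-->/g;
const SCRIPT = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/i;

// Hypothetical app-side filter: strips <script> elements from markup but
// copies closed comments through verbatim, assuming comment bodies are inert.
function appFilter(html) {
  const strip = (s) => s.replace(new RegExp(SCRIPT.source, "gi"), "");
  let out = "", last = 0;
  for (const m of html.matchAll(COMMENT)) {
    out += strip(html.slice(last, m.index)) + m[0];
    last = m.index + m[0].length;
  }
  return out + strip(html.slice(last));
}

// Client-side model: returns the script bodies a parser would run.
// eofPolicy (hypothetical names):
//   "reparse"        - on EOF inside a comment, treat "<!--" as text and rescan
//   "comment-to-eof" - an unclosed comment swallows the rest of the input
function executedScripts(html, eofPolicy) {
  const run = [];
  let i = 0;
  while (i < html.length) {
    if (html.startsWith("<!--", i)) {
      const end = html.indexOf("-->", i + 4);
      if (end !== -1) { i = end + 3; continue; }   // closed comment: skip it
      if (eofPolicy === "comment-to-eof") break;   // rest of input is comment data
      i += 4;                                      // reparse: "<!--" becomes text
      continue;
    }
    const m = html.startsWith("<", i) ? SCRIPT.exec(html.slice(i)) : null;
    if (m && m.index === 0) { run.push(m[1].trim()); i += m[0].length; continue; }
    i++;
  }
  return run;
}

// Constructed input: user content with the script hidden inside a comment.
const stored = "<p>post</p><!-- <script> hostileScript(); </script> --><p>footer</p>";
const served = appFilter(stored);                          // comment passes the filter
const truncated = served.slice(0, served.indexOf("-->"));  // response cut before "-->"

console.log("complete, reparse:        ", executedScripts(served, "reparse"));
console.log("truncated, reparse:       ", executedScripts(truncated, "reparse"));
console.log("truncated, comment-to-eof:", executedScripts(truncated, "comment-to-eof"));
```

Only the truncated response under the "reparse" policy yields a script body; a filter that also sanitizes comment contents removes the dependency on the client's EOF behaviour.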