- From: Henri Sivonen <hsivonen@iki.fi>
- Date: Mon, 22 Feb 2010 15:45:13 +0200
On Feb 20, 2010, at 23:59, Nikita Popov wrote:

> I noticed, that mistyping the ending title tag causes a white page and a title containing the whole source of the page (from the starting title tag on) in firefox3.6 with enabled HTML5 Parsing Algorithm.
>
> As I haven't read the HTML5 Parsing Algorithm section, I don't know whether this is a misimplementation or is defined this way in the algorithm.

It's not a misimplementation.

> Obviously this cannot be the expected behavior. The second <title> tag should be interpreted as a </title> tag.

The only type of recovery that doesn't introduce even more problems would be first parsing until EOF and then rewinding to the <title> element start and reparsing until the next <.

Implementing the recovery strategy from the previous sentence would make the parser vulnerable to executability escalation attacks by forcing a premature EOF. (Granted, the attacks are rather contrived.)

Consider:

<title><title><script>alert("Attack code could go here!");</script>
....
</title>
...
EOF

vs.

<title><title><script>alert("Attack code could go here!");</script>
...
EOF

In practice, IE doesn't reliably recover from this class of authoring error, so it's fair to believe that the Web doesn't depend on browsers recovering from this situation. So far, I haven't seen bug reports about this HTML5 behavior affecting pages on the Web. I have seen one report about a non-IE-oriented intranet page (Mozilla's own!).

-- 
Henri Sivonen
hsivonen at iki.fi
http://hsivonen.iki.fi/
Received on Monday, 22 February 2010 05:45:13 UTC
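
Added example, not part of the original message or of any browser's code: a simplified model of the two cases above, showing why a rewind-at-EOF recovery would let truncation decide whether the script is title text or markup. The function names, the `rewindOnEof` flag and the sample inputs are constructed for illustration.

```javascript
// Simplified model of <title> content handling: inside a title, only the end
// tag "</title>" closes the element and every other "<" is plain text.
// Constructed for illustration (ASCII input assumed); not browser code.
const OPEN = "<title>";
const CLOSE = "</title>";

// rewindOnEof = false: behaviour described in the message (no end tag means
// the title runs to EOF). rewindOnEof = true: the hypothetical recovery that
// rewinds at EOF and ends the title at the next "<".
// Returns { title, rest }; rest is what would be parsed as markup afterwards.
function parseTitle(input, rewindOnEof) {
  const lower = input.toLowerCase();
  const start = lower.indexOf(OPEN);
  if (start === -1) return { title: null, rest: input };
  const body = start + OPEN.length;
  const end = lower.indexOf(CLOSE, body);
  if (end !== -1) {
    return { title: input.slice(body, end), rest: input.slice(end + CLOSE.length) };
  }
  // EOF was reached while still inside the title.
  const lt = input.indexOf("<", body);
  if (!rewindOnEof || lt === -1) return { title: input.slice(body), rest: "" };
  // Assumption: a second "<title>" at that point is consumed as a mistyped
  // end tag, as proposed in the quoted message.
  const skip = lower.startsWith(OPEN, lt) ? OPEN.length : 0;
  return { title: input.slice(body, lt), rest: input.slice(lt + skip) };
}

// True when a script start tag ends up outside the title, i.e. as markup.
function scriptIsMarkup(input, rewindOnEof) {
  return /<script[\s>]/i.test(parseTitle(input, rewindOnEof).rest);
}

// Constructed inputs mirroring the two cases in the message: the same
// document delivered whole, and cut off before its "</title>".
const complete = '<title><title><script>alert("Attack code could go here!");</script> text </title> more';
const truncated = complete.slice(0, complete.indexOf(CLOSE));

for (const [name, doc] of [["complete", complete], ["truncated", truncated]]) {
  console.log(name, "spec:", scriptIsMarkup(doc, false), "rewind:", scriptIsMarkup(doc, true));
}
```

Under the behaviour the message describes, the script stays inert title text whether or not the document is cut short; only the rewind strategy makes the result depend on where the stream ends.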