- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 17 Mar 2010 23:55:49 +0000 (UTC)

On Sat, 20 Feb 2010, Nikita Popov wrote:
>
> I noticed that mistyping the ending title tag causes a white page and a
> title containing the whole source of the page (from the starting title
> tag on) in firefox3.6 with enabled HTML5 Parsing Algorithm.
>
> As I haven't read the HTML5 Parsing Algorithm section, I don't know
> whether this is a misimplementation or is defined this way in the
> algorithm.
>
> Obviously this cannot be the expected behavior. The second <title> tag
> should be interpreted as a </title> tag.

On Mon, 22 Feb 2010, Henri Sivonen wrote:
>
> The only type of recovery that doesn't introduce even more problems
> would be first parsing until EOF and then rewinding to the <title>
> element start and reparsing until the next <. Implementing the recovery
> strategy from the previous sentence would make the parser vulnerable to
> executability escalation attacks by forcing a premature EOF. (Granted,
> the attacks are rather contrived.)
>
> Consider:
> <title><title><script>alert("Attack code could go here!");</script> .... </title> ... EOF
> vs.
> <title><title><script>alert("Attack code could go here!");</script> ... EOF
>
> In practice, IE doesn't reliably recover from this class of authoring
> error, so it's fair to believe that the Web doesn't depend on browsers
> recovering from this situation. So far, I haven't seen bug reports about
> this HTML5 behavior affecting pages on the Web. I have seen one report
> about a non-IE-oriented intranet page (Mozilla's own!).

This is indeed the expected behaviour.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Wednesday, 17 March 2010 16:55:49 UTC
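
The two recovery strategies discussed in the message above, as an added example that is not part of the original thread and is not browser or specification code: a simplified model of how `<title>` content is consumed, run over the two documents Henri Sivonen quotes. The function names are hypothetical, and the model assumes the mistyped second `<title>` is treated as the intended end tag under the rewinding strategy.

```javascript
// Added illustration: function names are hypothetical, inputs are constructed
// from the two documents quoted in the message.
const END_TAG = /<\/title[\t\n\f\r \/>]/i;

// Spec behaviour: <title> content is RCDATA, so only a real </title> end tag
// closes it. With no end tag, everything up to EOF is title text.
function parseTitleSpec(html) {
  const start = html.toLowerCase().indexOf("<title>");
  if (start < 0) return { title: null, markup: html, closed: false };
  const body = html.slice(start + "<title>".length);
  const end = body.search(END_TAG);
  if (end < 0) return { title: body, markup: "", closed: false };
  const gt = body.indexOf(">", end);
  const markup = gt < 0 ? "" : body.slice(gt + 1); // what follows the title
  return { title: body.slice(0, end), markup, closed: true };
}

// Rejected recovery: on EOF inside the title, rewind, end the title at the
// next "<" and parse the rest as ordinary markup. Assumption of this model:
// the mistyped second <title> is consumed as the intended end tag.
function parseTitleRewind(html) {
  const spec = parseTitleSpec(html);
  if (spec.title === null || spec.closed) return spec;
  const lt = spec.title.indexOf("<");
  if (lt < 0) return spec;
  const markup = spec.title.slice(lt).replace(/^<title>/i, "");
  return { title: spec.title.slice(0, lt), markup, closed: false };
}

// True when a <script> start tag ends up outside the title text, where a
// browser would treat it as an element instead of inert characters.
function scriptIsMarkup(result) {
  return /<script[\s\/>]/i.test(result.markup);
}

const complete =
  '<title><title><script>alert("Attack code could go here!");</script> .... </title> ...';
const truncated =
  '<title><title><script>alert("Attack code could go here!");</script> ...';

for (const [name, doc] of [["complete", complete], ["truncated", truncated]]) {
  console.log(name,
    "spec:", scriptIsMarkup(parseTitleSpec(doc)),
    "rewind:", scriptIsMarkup(parseTitleRewind(doc)));
}
```

Under the specified behaviour the script text stays inert title content whether or not the document is cut short; under the rewinding model, truncating the same bytes before `</title>` is what turns it into markup.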