[whatwg] several messages about XML syntax and HTML5
Simon Pieters
zcorpan at hotmail.com
Fri Dec 8 14:09:18 PST 2006
Hi,
From: Sander Tekelenburg <tekelenb at euronet.nl>
>Right. That's a window of opportunity (for the sort of attack I mentioned)
>I'm voicing concern about. I agree that it will likely be much harder when
>all browsers are HTML5-compliant and most authors produce HTML5. But before
>that?
Well... for the past 7-8 years it has been possible to use IE's conditional
comments to completely hide everything from non-IE browsers:
<!--[if IE]>
...page content...
<![endif]-->
Similarly, bugs in browsers' CSS implementation have made it possible to only
show the content for a single browser, e.g.:
body { display:none; }
* html body { display:block; }
I'm sure you can find bugs or features in every language supported by
browser vendors that allow for these kinds of attacks, and have been
possible for years. If it hasn't happened as of now, why do you think it
will happen in the next few years? Does it matter if it is HTML parsing that
is exploited or some other technology?
Regards,
Simon Pieters
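
Added example, not part of the original message: a static check, for use in a content filter or review pipeline, that flags the two browser-selective constructs quoted in the message above (IE conditional comments and the `* html` CSS hack). The function and field names are hypothetical and the sample page is constructed.

```javascript
// Added example: flag markup that renders for only one browser family.
// Function and rule names are hypothetical; sample input is constructed.

// Downlevel-hidden conditional comment: other browsers see one big comment.
const COND_COMMENT = /<!--\[if\s+([^\]]+)\]>([\s\S]*?)<!\[endif\]-->/gi;
// "* html" selector hack: matches only in browsers with the parsing bug.
const STAR_HTML = /\*\s+html\s+([^{}]+)\{([^}]*)\}/gi;
const STYLE_BLOCK = /<style\b[^>]*>([\s\S]*?)<\/style>/gi;

function findBrowserSelectiveContent(html) {
  const findings = [];
  for (const m of html.matchAll(COND_COMMENT)) {
    findings.push({
      rule: "conditional-comment",
      condition: m[1].trim(),
      hiddenBytes: m[2].length,
    });
  }
  for (const s of html.matchAll(STYLE_BLOCK)) {
    const css = s[1];
    // Is the whole page hidden by an ordinary (non-hack) body rule?
    const hidesBody = /(^|})\s*body\s*\{[^}]*display\s*:\s*none/i.test(css);
    for (const m of css.matchAll(STAR_HTML)) {
      const reveals = /display\s*:\s*(?!none)[a-z-]+/i.test(m[2]);
      findings.push({
        rule: "star-html-hack",
        selector: m[1].trim(),
        // Highest signal: page hidden by default, revealed only via the hack.
        revealsHiddenPage: hidesBody && reveals && /\bbody\b/i.test(m[1]),
      });
    }
  }
  return findings;
}

// Constructed sample combining both patterns from the message.
const SAMPLE = `<html><head><style>
body { display:none; }
* html body { display:block; }
</style></head><body>
<!--[if IE]>
<p>page content</p>
<![endif]-->
</body></html>`;

console.log(findBrowserSelectiveContent(SAMPLE));
```

The check only inspects inline `<style>` blocks; external stylesheets would have to be fetched and passed through the same `* html` scan.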