[whatwg] comment parsing
Lachlan Hunt
lachlan.hunt at lachy.id.au
Sun Jan 22 18:50:28 PST 2006

Ian Hickson wrote:
> Imagine that the page contains the following:
>
> ...
> <!--
> <script> hostileScript(): </script>
> -->
> ...
>
> ...where "hostileScript()" is some script that does something bad.
>
> A DOS attack on the server could cause the transmitted text to be:
>
> ...
> <!--
> <script> hostileScript(): </script>
>
> ...which, if we re-parse the content upon hitting EOF with an open
> comment, would cause the script to be executed.

I don't understand these security concerns. How is reparsing it after
reaching EOF any different from someone writing exactly the same script
without opening a comment before it? Won't the script be executed in
exactly the same way in both cases?

However, don't take this as support for choosing to reparse it. I don't
like the concept of doing that at all for other reasons; I just don't
understand this security concern.

--
Lachlan Hunt
http://lachy.id.au/
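
The two end-of-file policies discussed in this thread, sketched as an added example (not part of the original message, and not any browser's code). It is a toy scanner, with hypothetical names `liveScripts` and `eofPolicy`, run over a constructed document and a copy of it cut off before the closing `-->`.

```javascript
// Constructed sample: the document as its author wrote it (script commented
// out), and the same bytes truncated before the closing "-->".
const FULL =
  "<p>a</p>\n<!--\n<script> hostileScript(); </script>\n-->\n<p>b</p>";
const TRUNCATED = FULL.slice(0, FULL.indexOf("-->"));

// Toy scanner, not a real HTML parser. Returns the bodies of <script>
// elements that end up outside any comment, i.e. that would be executed.
//   eofPolicy "close":   an unclosed "<!--" swallows everything up to EOF.
//   eofPolicy "reparse": an unclosed "<!--" is treated as plain text and
//                        the content after it is scanned again as markup.
function liveScripts(html, eofPolicy) {
  const scripts = [];
  let i = 0;
  while (i < html.length) {
    if (html.startsWith("<!--", i)) {
      const end = html.indexOf("-->", i + 4);
      if (end !== -1) { i = end + 3; continue; }   // well-formed comment
      if (eofPolicy === "close") break;            // comment runs to EOF
      i += 4;                                      // reparse what follows
      continue;
    }
    if (html.startsWith("<script>", i)) {
      const end = html.indexOf("</script>", i + 8);
      const stop = end === -1 ? html.length : end;
      scripts.push(html.slice(i + 8, stop).trim());
      i = end === -1 ? html.length : end + 9;
      continue;
    }
    i++;
  }
  return scripts;
}

// Compare what each policy executes for the intact and truncated documents.
for (const [name, doc] of [["full", FULL], ["truncated", TRUNCATED]]) {
  for (const policy of ["close", "reparse"]) {
    console.log(name, policy, JSON.stringify(liveScripts(doc, policy)));
  }
}
```

Only the truncated document under the "reparse" policy yields a live script; the intact document yields none under either policy, so the set of executed scripts depends on where the transfer stopped rather than on what the author wrote.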