[whatwg] Mistyping of title end tag causes white page

Ian Hickson ian at hixie.ch
Wed Mar 17 16:55:49 PDT 2010


On Sat, 20 Feb 2010, Nikita Popov wrote:
>
> I noticed, that mistyping the ending title tag causes a white page and a 
> title containing the whole source of the page (from the starting title 
> tag on) in firefox3.6 with enabled HTML5 Parsing Algorithm.
> 
> As I haven't read the the HTML5 Parsing Algorithm section, I don't know 
> whether this is a misimplementation or is defined this way in the 
> algorithm.
> 
> Obviously this cannot be the expected behavior. The second <title> tag 
> should be interpreted as a </title> tag.

On Mon, 22 Feb 2010, Henri Sivonen wrote:
> 
> The only type of recovery that doesn't introduce even more problems 
> would be first parsing until EOF and then rewinding to the <title> 
> element start and reparsing until the next <. Implementing the recovery 
> strategy from the previous sentence would make the parser vulnerable to 
> executability escalation attacks by forcing a premature EOF. (Granted, 
> the attacks are rather contrived.)
> 
> Consider: 
> <title><title><script>alert("Attack code could go here!");</script> .... </title> ... EOF
> vs.
> <title><title><script>alert("Attack code could go here!");</script> ... EOF
> 
> In practice, IE doesn't reliably recover from this class of authoring 
> error, so it's fair to believe that the Web doesn't depend on browsers 
> recovering from this situation. So far, I haven't seen bug reports about 
> this HTML5 behavior affecting pages on the Web. I have seen one report 
> about a non-IE-oriented intranet page (Mozilla's own!).

This is indeed the expected behaviour.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'



More information about the whatwg mailing list