lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 21 Jul 2009 16:30:53 -0700 From: Michal Zalewski <lcamtuf@...edump.cx> To: Thierry Zoller <Thierry@...ler.lu> Cc: bugtraq <bugtraq@...urityfocus.com>, full-disclosure <full-disclosure@...ts.grok.org.uk>, info@...cl.etat.lu, vuln@...unia.com, cert@...t.org, nvd@...t.gov, cve@...re.org Subject: Re: Re[6]: [Full-disclosure] Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... > http://www.w3.org/TR/REC-DOM-Level-1/level-one-html.html > ------------------------------------------------------ > readonly attribute long length; > ------------------------------------------------------ That was DOM Level 1 (1999). Even level 2 (2000) has this as read-write: http://www.w3.org/TR/DOM-Level-2-HTML/html.html#ID-94282980 Also keep in mind that with relatively few exceptions, W3C simply trailed and struggled to capture status quo (or some compromise representation thereof) back then. /mz
Powered by blists - more mailing lists