From: full-disclosure at arago.de (Thomas Binder)
Subject: !A stupid bug ...that works on mozilla, opera, IE!

Hi!

On Thu, Oct 09, 2003 at 06:04:00PM -0500, Wayne Schroeder wrote:
> I don't know sport... I think you need to double check your "'s
> and look again. Javascript console is just bitching on my
> mozilla saying that the alert function isn't finished with a )
> correctly.

Also note that using the sequence </ within a <script> block will
be treated as end-of-script. Quoting from
http://www.w3.org/TR/html4/types.html#type-cdata:

-- snip --
Although the STYLE and SCRIPT elements use CDATA for their data
model, for these elements, CDATA must be handled differently by
user agents. Markup and entities must be treated as raw text and
passed to the application as is. The first occurrence of the
character sequence "</" (end-tag open delimiter) is treated as
terminating the end of the element's content. In valid documents,
this would be the end tag for the element.
-- snap --

Thus, even with correct quotes, the JavaScript code will be
considered finished at the first </script>, even though it's
within quotes (the browser must not interpret the script code
when looking for the end tag). The remaining ")</script> is then
displayed as ") in the browser window. Note that it gets
displayed in the document, not in an alert box (which the
original post was suggesting).

Furthermore, you'll get a JavaScript error, as the actual script
code seen by the engine is

    alert("<script>location.href="http://www.ysgnet.com"

which is invalid - so no alert box at all.

Ciao

Thomas
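
Added example, not part of the original post: the rule quoted above applied to a sample page rebuilt from the post's description, followed by the usual defensive encoding for a string placed in an inline script. The function names are hypothetical, and the splitter models only the rule as quoted, not a full HTML parser.

```javascript
// Split an HTML fragment the way the quoted HTML 4 rule describes: the content
// of a <script> element ends at the first "</" after the opening tag, with no
// regard for JavaScript string quoting.
function splitAtScriptEnd(html) {
  const open = html.indexOf("<script>");
  if (open === -1) return null;
  const start = open + "<script>".length;
  const end = html.indexOf("</", start);
  if (end === -1) return { script: html.slice(start), rest: "" };
  // Skip the end tag itself (up to ">") to find what follows the element.
  const close = html.indexOf(">", end);
  return {
    script: html.slice(start, end),
    rest: close === -1 ? "" : html.slice(close + 1),
  };
}

// Strip remaining tags to approximate the text the browser displays.
function visibleText(html) {
  return html.replace(/<[^>]*>/g, "");
}

// Defensive encoding for a string literal placed in an inline script:
// JSON.stringify handles the quotes, and "<\/" keeps "</" out of the markup
// while evaluating to the same characters in JavaScript.
function inlineScriptString(value) {
  return JSON.stringify(value).replace(/<\//g, "<\\/");
}

// Constructed sample, rebuilt from the description in the post.
const page =
  '<script>alert("<script>location.href="http://www.ysgnet.com"</script>")</script>';
const broken = splitAtScriptEnd(page);

// The same text passed through the encoder before being written into the page.
const payload = '<script>location.href="http://www.ysgnet.com"</script>';
const safePage = "<script>alert(" + inlineScriptString(payload) + ")</script>";
const fixed = splitAtScriptEnd(safePage);
```

With the encoder, the only "</" left in the markup is the real end tag, so the whole alert(...) call reaches the script engine and nothing spills into the document.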