[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20031010121349.GA12584340@ohm.arago.de>
From: full-disclosure at arago.de (Thomas Binder)
Subject: !A stupid bug ...that works on mozilla, opera, IE!
Hi!
On Thu, Oct 09, 2003 at 06:04:00PM -0500, Wayne Schroeder wrote:
> I don't know sport... I think you need to double check your "'s
> and look again. Javascript console is just bitching on my
> mozilla saying that the alert function isn't finished with a )
> correctly.
Also note that using the sequence </ within a <script> block will
be treated as end-of-script. Quoting from
http://www.w3.org/TR/html4/types.html#type-cdata:
-- snip --
Although the STYLE and SCRIPT elements use CDATA for their data
model, for these elements, CDATA must be handled differently by
user agents. Markup and entities must be treated as raw text and
passed to the application as is. The first occurrence of the
character sequence "</" (end-tag open delimiter) is treated as
terminating the end of the element's content. In valid documents,
this would be the end tag for the element.
-- snap --
Thus, even with correct quotes, the JavaScript code will be
considered finished at the first </script>, even though it's
within quotes (the browser must not interpret the script code when
looking for the end tag). The remaining
")</script>
is then displayed as
")
in the browser window. Note that it gets displayed in the
document, not in an alert box (which the original post was
suggesting).
Furthermore, you'll get a JavaScript error, as the actual script
code seen by the engine is
alert("<script>location.href="http://www.ysgnet.com"
which is invalid - so no alert box at all.
Ciao
Thomas
Powered by blists - more mailing lists