Message-ID: <40F6AC62.6020707@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: Exploits in websites due to buggy input validation
where mozilla is at fault as well as the website.
Nick FitzGerald wrote:
>
>Nope -- _VERY_ bad idea.
>
>
>
I'm not sure I'd call it a *very* bad idea... it's better than silently
finishing incomplete tags.
>Idiot users want to blow both their feet off.
>
>Asking them "do you want a chance to blow your feet off?" only slows
>the inevitable slightly, never prevents it.
>
>
>
Well, yeah, and that's always going to be the case no matter what you
do. Let's at least make it so that non-idiot users don't get their feet
blown off regardless.
>The correct solution to all such problems is simply to reject the
>content as malformed. And guess what will happen when you do that?
>Several really crappy web design products will disappear because the
>folk using them will drop them because no-one can see their pages _and_
>the rest will suddenly become very interested in producing properly
>compliant content, as they should have been from the outset.
>
>
Yeah - that's probably a better idea. It's garbage data if it's
malformed. Dropping it is far better.
-Barry