Bug 278055
Opened 20 years ago
Closed 20 years ago
Incorrect HTML parsing. (Sorry for my poor English :)
Categories
(Core :: DOM: HTML Parser, defect)
RESOLVED
DUPLICATE
of bug 236002
People
(Reporter: cbin81, Unassigned)
Details
It seems that Firefox cannot parse HTML correctly when it encounters HTML tags
like <Button*> or <Body*>. It seems to treat <Body*> as <Body[a Space]> and IE
doesn't. So an HTML file like this: <body* onload="alert(123)">asdfa</body> will
show an alert window when loaded in Firefox, but doesn't in IE. If someone builds
a file that does something harmful in the "onload" section ..., IE users will be glad
to see this won't affect them :)
I'm using Firefox v1.0 (Simplified Chinese version).
Its About box says: Mozilla/5.0 (Windows; U; Windows NT 5.0; zh-CN; rv:1.7.5)
Gecko/20041124 Firefox/1.0
My OS is Windows 2000 Pro Simplified Chinese version with SP4.
Hope this is not my fault :)
I LIKE THE LOVELY FIREFOX!!
Comment 1•20 years ago
I assume you're referring to the first comment at the above URL,
http://www.codeproject.com/vcpp/gdiplus/gdiplushelper.asp?df=100&forumid=3952&select=831778#xx831778xx
In that case the HTML angle brackets should have been escaped, or the "do not
treat <'s as HTML tags" checkbox should have been checked when that site comment
was entered. The layout issue on the page is a site/author problem: Even if
<Button*> were not recognized as a button we would still hide the unknown tag
when displaying.
If someone knew how to program something harmful it's not the "*" parsing that
will allow for it. Clearing security confidential flag.
I'm not sure of the technical HTML parsing specs so I'll bump this over to them
to evaluate.
Assignee: firefox → parser
Group: security
Component: General → HTML: Parser
Product: Firefox → Core
QA Contact: general → mrbkap
Version: 1.0 Branch → Trunk
Comment 2•20 years ago
I'm marking this as a duplicate of bug 236002, since the remaining compat. issue
with IE was fixed by that bug.
*** This bug has been marked as a duplicate of 236002 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
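The difference described in the report, as an added example that is not part of the original bug or of Mozilla's code: one reader ends a tag name where the HTML Standard tokenizer does (whitespace, "/" or ">"), the other is a hypothetical lenient reader modelled on the report's description of "*" acting like a space. Tags on which the two disagree are the ones a markup filter should escape or reject; all function names and the sample string are constructed for illustration.

```javascript
// Added example: two ways to decide where a start tag's name ends.
// SAMPLE is constructed; its first tag is the markup quoted in the report.
const SAMPLE =
  '<body* onload="alert(123)">asdfa</body><p class="x">ok</p><Button*>go</Button>';

// HTML Standard tokenizer rule: the name runs until whitespace, "/" or ">".
function tagNameStandard(tag) {
  const m = /^<([A-Za-z][^\t\n\f\r \/>]*)/.exec(tag);
  return m ? m[1].toLowerCase() : null;
}

// Hypothetical lenient rule (assumption based on the report's description):
// the name stops at the first character that is not a letter or digit.
function tagNameLenient(tag) {
  const m = /^<([A-Za-z][A-Za-z0-9]*)/.exec(tag);
  return m ? m[1].toLowerCase() : null;
}

// Names of on* event-handler attributes in a start tag. Quoted values are
// blanked first so text inside a value is not mistaken for an attribute.
function handlerAttrs(tag) {
  const bare = tag.replace(/"[^"]*"|'[^']*'/g, '""');
  return [...bare.matchAll(/\s(on[a-z]+)\s*=/gi)].map((m) => m[1].toLowerCase());
}

// Report every start tag whose name differs between the two readers. A filter
// that allow-lists by one reading cannot trust its verdict for these tags.
function auditStartTags(html) {
  const findings = [];
  const startTag = /<[A-Za-z](?:"[^"]*"|'[^']*'|[^'">])*>/g;
  for (const [tag] of html.matchAll(startTag)) {
    const standard = tagNameStandard(tag);
    const lenient = tagNameLenient(tag);
    if (standard !== lenient) {
      findings.push({ tag, standard, lenient, handlers: handlerAttrs(tag) });
    }
  }
  return findings;
}

for (const f of auditStartTags(SAMPLE)) {
  console.log(`${f.tag}: standard=${f.standard} lenient=${f.lenient} ` +
    `handlers=[${f.handlers.join(",")}]`);
}
```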