112Re: [caplet] Re: ADsafe, Take 6

  • Adam Barth
    Oct 19, 2007
      One simple way to approximate this (if you didn't want to reuse
      someone else's code for validating HTML) would be to serialize your
      parsed HTML back to an octet-stream and compare it with the input
      (probably being tolerant of whitespace and capitalization in the
      appropriate places).

      On 10/19/07, Adam Barth <hk9565@...> wrote:
      > Why is ADsafe allowing invalid HTML at all? It seems like requiring
      > the HTML to be well-formed is a good first step in trying to
      > understand how it will be executed in different browsers.
      >
      > On 10/19/07, collin_jackson <collinj@...> wrote:
      > > Here's another one:
      > >
      > > <iframe/src="javascript:alert(42)"></iframe>
      > >
      > > --- In caplet@yahoogroups.com, "Douglas Crockford" <douglas@...> wrote:
      > > >
      > > > --- In caplet@yahoogroups.com, "collin_jackson" <collinj@> wrote:
      > > > >
      > > > > <div x="\"><img onload=alert(42)
      > > > > src=http://json.org/img/json160.gif>"></div>
      > > >
      > > > Excellent. Keep them coming.
      > > >
      > >
      >
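
The round-trip check suggested in the message above, as an added example that is not part of the original thread and not ADsafe's code: a deliberately forgiving tokenizer parses the input, and the input is accepted only if the canonical serialization of that parse matches it. The names `parse`, `serialize`, `normalize` and `roundTrips` are hypothetical, and the comparison collapses whitespace and ignores case across the whole string as a simplification.

```javascript
// Added example: hypothetical helper names, not ADsafe's implementation.
const TAG = /<(\/?)([A-Za-z][A-Za-z0-9]*)([^>]*)>/g;
const ATTR = /([A-Za-z][A-Za-z0-9-]*)\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+)/g;

// Canonical output never contains a raw angle bracket in text or values.
const escapeAngles = (s) => s.replace(/</g, '&lt;').replace(/>/g, '&gt;');

// Forgiving tokenizer: it silently skips anything in a tag it does not
// recognize, which is exactly what the comparison below has to catch.
function parse(html) {
  const nodes = [];
  let last = 0;
  for (const m of html.matchAll(TAG)) {
    if (m.index > last) nodes.push({ text: html.slice(last, m.index) });
    const attrs = [...m[3].matchAll(ATTR)].map((a) => [
      a[1].toLowerCase(),
      /^["']/.test(a[2]) ? a[2].slice(1, -1) : a[2],
    ]);
    nodes.push({ tag: m[2].toLowerCase(), close: m[1] === '/', attrs });
    last = m.index + m[0].length;
  }
  if (last < html.length) nodes.push({ text: html.slice(last) });
  return nodes;
}

// One canonical spelling: lowercase names, double-quoted values.
function serialize(nodes) {
  return nodes.map((n) => {
    if (n.text !== undefined) return escapeAngles(n.text);
    if (n.close) return `</${n.tag}>`;
    const attrs = n.attrs.map(([k, v]) => ` ${k}="${escapeAngles(v)}"`);
    return `<${n.tag}${attrs.join('')}>`;
  }).join('');
}

// Tolerance for whitespace and capitalization only.
const normalize = (s) =>
  s.replace(/\s+/g, ' ').replace(/ >/g, '>').trim().toLowerCase();

// Accept input only if the parser's view of it reproduces the input.
function roundTrips(html) {
  return normalize(serialize(parse(html))) === normalize(html);
}

// First input is quoted in this thread; the second is a constructed sample.
console.log(roundTrips('<iframe/src="javascript:alert(42)"></iframe>'));
console.log(roundTrips('<DIV Class="box">\n  <p>hello</p>\n</DIV >'));
```

The check is conservative by design: unquoted or single-quoted attribute values and anything the tokenizer skipped inside a tag all fail the comparison, so only markup already in the canonical spelling is accepted.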