Quoting Lachlan Hunt [EMAIL PROTECTED]:
No it doesn't. Neither of them make any sense at all. If I've
understood this thread well enough, the whole concept behind it means
to take this element out of the normal flow and do some magic to
display it somewhere appropriate in the chrome of the
On Sat, 21 Jan 2006, Anne van Kesteren wrote:
Quoting Anne van Kesteren [EMAIL PROTECTED]:
However, from the specification it is not entirely clear what should happen
with !--/p.
The specification also does not match what is widely implemented for cases
like:
# p!-- --FAIL/p
Here
Ian Hickson wrote:
Imagine that the page contains the following:
...
!--
script hostileScript(): /script
--
...
...where hostileScript() is some script that does something bad.
A DOS attack on the server could cause the transmitted text to be:
...
!--
script
On Mon, 23 Jan 2006, Lachlan Hunt wrote:
I don't understand these security concerns. How is reparsing it after
reaching EOF any different from someone writing exactly the same script
without opening a comment before it? Won't the script be executed in exactly
the same way in both cases?
On Mon, 23 Jan 2006, Lachlan Hunt wrote:
Well, for what it's worth, I still don't think you were being stupid, I think
you were right all along and had this been implemented by more than just
Mozilla 7 years ago, the result may have been different.
Authors find the -- thing unbelievably
Ian Hickson wrote:
On Mon, 23 Jan 2006, Lachlan Hunt wrote:
Well, for what it's worth, I still don't think you were being stupid, I think
you were right all along and had this been implemented by more than just
Mozilla 7 years ago, the result may have been different.
Authors find the -- thing