Ian Hickson wrote:
Imagine that the page contains the following:

   ...
   <!--
     <script> hostileScript(); </script>
   -->
   ...

...where "hostileScript()" is some script that does something bad.

A DoS attack on the server could cause the transmitted text to be:

   ...
   <!--
     <script> hostileScript(); </script>

...which, if we re-parse the content upon hitting EOF with an open comment, would cause the script to be executed.

I don't understand these security concerns. How is reparsing it after reaching EOF any different from someone writing exactly the same script without opening a comment before it? Won't the script be executed in exactly the same way in both cases?

However, don't take this as support for choosing to reparse it, I don't like the concept of doing that at all for other reasons, I just don't understand this security concern.

--
Lachlan Hunt
http://lachy.id.au/
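The two parsing strategies under discussion, as an added example that is not part of the thread or of any browser's code: a toy scanner that looks for `<script>` elements and handles an unterminated `<!--` either by letting the comment run to end-of-file or by "reparsing" from the comment start as if `<!--` were ordinary text. The sample page and its truncated copy are constructed here; only comments and `<script>` blocks are modelled, nothing else in HTML.

```javascript
// Toy scanner (added example, not from the thread). Returns the bodies of the
// <script> elements a parser would act on under the chosen EOF policy:
//   'comment-to-eof' : an unterminated "<!--" swallows everything after it
//   'reparse'        : an unterminated "<!--" is re-read as plain text
// Assumption: lowercase tags only, no other HTML syntax is modelled.
function findScripts(html, mode) {
  const scripts = [];
  let i = 0;
  while (i < html.length) {
    if (html.startsWith('<!--', i)) {
      const end = html.indexOf('-->', i + 4);
      if (end === -1) {
        // Comment never closes before EOF.
        if (mode === 'comment-to-eof') break; // rest of the page is comment text
        i += 4; // 'reparse': treat "<!--" as text and keep scanning
        continue;
      }
      i = end + 3; // skip the closed comment entirely
      continue;
    }
    if (html.startsWith('<script>', i)) {
      const close = html.indexOf('</script>', i + 8);
      const body = close === -1 ? html.slice(i + 8) : html.slice(i + 8, close);
      scripts.push(body.trim());
      i = close === -1 ? html.length : close + 9;
      continue;
    }
    i++;
  }
  return scripts;
}

// True when the two EOF policies would run a different set of scripts,
// i.e. when the choice of policy, not the page author, decides what executes.
function executionDiffers(html) {
  const a = findScripts(html, 'comment-to-eof');
  const b = findScripts(html, 'reparse');
  return a.length !== b.length || a.some((s, k) => s !== b[k]);
}

// Constructed sample: the page as the thread describes it (comment is closed).
const fullPage =
  '<p>hello</p>\n<!--\n  <script> hostileScript(); </script>\n-->\n<p>bye</p>';
// Constructed sample: the same bytes cut off before "-->", as a dropped
// connection would leave them.
const truncatedPage = fullPage.slice(0, fullPage.indexOf('-->'));

console.log('full, comment-to-eof :', findScripts(fullPage, 'comment-to-eof'));
console.log('full, reparse        :', findScripts(fullPage, 'reparse'));
console.log('cut,  comment-to-eof :', findScripts(truncatedPage, 'comment-to-eof'));
console.log('cut,  reparse        :', findScripts(truncatedPage, 'reparse'));
```

With the complete page neither policy sees the commented-out script. With the truncated page the `comment-to-eof` policy still sees nothing, while `reparse` surfaces `hostileScript();`, which is the difference the thread is arguing about: a script the author deliberately commented out becomes live only because the transfer was cut short. A script that was never inside a comment is found under both policies, which is the point of the reply above.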
