Ian Hickson wrote:
> Imagine that the page contains the following:
>
> ...
> <!--
> <script> hostileScript(); </script>
> -->
> ...
>
> ...where "hostileScript()" is some script that does something bad.
>
> A DOS attack on the server could cause the transmitted text to be:
>
> ...
> <!--
> <script> hostileScript(); </script>
>
> ...which, if we re-parse the content upon hitting EOF with an open
> comment, would cause the script to be executed.
I don't understand these security concerns. How is reparsing it after
reaching EOF any different from someone writing exactly the same script
without opening a comment before it? Won't the script be executed in
exactly the same way in both cases?
However, don't take this as support for choosing to reparse it, I don't
like the concept of doing that at all for other reasons, I just don't
understand this security concern.
--
Lachlan Hunt
http://lachy.id.au/
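A small added illustration, not code from this thread and not any browser's actual parser, of the two EOF-in-comment behaviours the quoted message contrasts. The toy tokenizer below, on reaching EOF inside an open comment, either keeps the remainder as comment text or, as in the reparse proposal, discards the comment opener and parses the remainder as markup. The page content, the truncation point and the hostileScript name are constructed from the quoted example; the point it shows is that the truncated response yields a live script element only under the reparse strategy.

```python
# Toy HTML tokenizer comparing two ways of handling EOF inside an open comment.
# Constructed example; it does not reproduce any real browser's parsing rules.

HOSTILE_SCRIPT = "<script> hostileScript(); </script>"

# Constructed page: a commented-out script between ordinary content.
FULL_PAGE = (
    "<p>intro</p>\n"
    "<!--\n"
    + HOSTILE_SCRIPT + "\n"
    "-->\n"
    "<p>outro</p>\n"
)


def truncate(html, marker="-->"):
    """Simulate the connection being cut before the comment closes."""
    idx = html.find(marker)
    return html[:idx] if idx != -1 else html


def tokenize(html, reparse_on_unclosed_comment):
    """Return a list of (kind, payload) tokens: 'comment', 'tag' or 'text'."""
    tokens = []
    i, n = 0, len(html)
    while i < n:
        if html.startswith("<!--", i):
            end = html.find("-->", i + 4)
            if end != -1:
                tokens.append(("comment", html[i + 4:end]))
                i = end + 3
                continue
            # EOF reached inside an open comment.
            if reparse_on_unclosed_comment:
                # Reparse strategy: drop the '<!--' and parse the rest as markup.
                i += 4
                continue
            # Conservative strategy: everything up to EOF stays comment text.
            tokens.append(("comment", html[i + 4:]))
            break
        if html[i] == "<":
            end = html.find(">", i)
            if end == -1:
                tokens.append(("text", html[i:]))
                break
            tokens.append(("tag", html[i + 1:end].strip()))
            i = end + 1
            continue
        end = html.find("<", i)
        if end == -1:
            end = n
        tokens.append(("text", html[i:end]))
        i = end
    return tokens


def script_start_tags(tokens):
    """Names of <script> start tags that the tokenizer would hand to the tree builder."""
    return [
        payload for kind, payload in tokens
        if kind == "tag" and payload.split()[:1] == ["script"]
    ]


def live_scripts(html, reparse_on_unclosed_comment):
    """Convenience wrapper: which script elements become live for a given strategy."""
    return script_start_tags(tokenize(html, reparse_on_unclosed_comment))


if __name__ == "__main__":
    cut = truncate(FULL_PAGE)
    print("intact page, reparse:   ", live_scripts(FULL_PAGE, True))
    print("intact page, no reparse:", live_scripts(FULL_PAGE, False))
    print("truncated, no reparse:  ", live_scripts(cut, False))
    print("truncated, reparse:     ", live_scripts(cut, True))
```

Running it shows the same intact page producing no script element under either strategy, and the truncated page producing one only when the unclosed comment is reparsed as markup.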