>>I think it is obvious that "</script>" is not a "safe" string under certain JavaScript conditions.

The problem is not with JavaScript here, it is with the HTML parser.
The HTML parser considers that the JS code is only
alert('
and passes it to the JS engine. The engine does what it can with what it gets.

I think one must remember that there are two layers involved:
the first layer, HTML, defines <script>...</script> as containing anything except
the string "</script>".

-- 
_______________________________________
REUSE CODE! Use custom tags;
See http://www.contentbox.com/claude/customtags/tagstore.cfm
(Please send any spam to this address: [EMAIL PROTECTED])
Thanks.
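
The two-layer behaviour described in the message above, as an added example that is not part of the original post: a simplified model of where the HTML parser ends a script block, next to one way to emit a string so that neither layer misreads it. The function names and the sample string are assumptions made for illustration.

```javascript
// Simplified model of the HTML layer's view of a <script> block. The real
// tokenizer has more states; this models only the rule discussed above: the
// element's text ends at the first "</script" followed by whitespace, "/" or
// ">", no matter what JavaScript quoting surrounds it.
const SCRIPT_END = /<\/script[\t\n\f\r \/>]/i;

// Returns the text the HTML parser would hand to the JS engine.
function scriptTextSeenByEngine(html) {
  const open = html.match(/<script[^>]*>/i);
  if (!open) return null;
  const body = html.slice(open.index + open[0].length);
  const end = body.search(SCRIPT_END);
  return end === -1 ? body : body.slice(0, end);
}

// Hypothetical helper: serialise a value as a JS literal that can sit inside
// an inline <script>. JSON.stringify takes care of the JavaScript layer
// (quotes, backslashes); rewriting "<" as \u003C takes care of the HTML layer,
// because the block can then never contain "</script".
function toInlineScriptLiteral(value) {
  return JSON.stringify(value).replace(/</g, "\\u003C");
}

// Constructed sample input.
const sample = "</script>";
const naive = "<script>alert('" + sample + "');</script>";
const safe = "<script>alert(" + toInlineScriptLiteral(sample) + ");</script>";

// Naive embedding: the engine receives a truncated, unterminated string.
console.log(JSON.stringify(scriptTextSeenByEngine(naive)));
// Escaped embedding: the engine receives the whole statement.
console.log(scriptTextSeenByEngine(safe));
```
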



Archive: 
http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:295651