On Feb 20, 2010, at 23:59, Nikita Popov wrote:

> I noticed, that mistyping the ending title tag causes a white page and a 
> title containing the whole source of the page (from the starting title tag 
> on) in firefox3.6 with enabled HTML5 Parsing Algorithm.
> 
> As I haven't read the HTML5 Parsing Algorithm section, I don't know 
> whether this is a misimplementation or is defined this way in the algorithm.

It's not a misimplementation.

> Obviously this cannot be the expected behavior. The second <title> tag should 
> be interpreted as a </title> tag.

The only type of recovery that doesn't introduce even more problems would be 
first parsing until EOF and then rewinding to the <title> element start and 
reparsing until the next <. Implementing the recovery strategy from the 
previous sentence would make the parser vulnerable to executability escalation 
attacks by forcing a premature EOF. (Granted, the attacks are rather contrived.)

Consider: 
<title><title><script>alert("Attack code could go here!");</script> .... 
</title> ... EOF
vs.
<title><title><script>alert("Attack code could go here!");</script> ... EOF

In practice, IE doesn't reliably recover from this class of authoring error, so 
it's fair to believe that the Web doesn't depend on browsers recovering from 
this situation. So far, I haven't seen bug reports about this HTML5 behavior 
affecting pages on the Web. I have seen one report about a non-IE-oriented 
intranet page (Mozilla's own!).

-- 
Henri Sivonen
hsivo...@iki.fi
http://hsivonen.iki.fi/
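A small added model of the two parsing strategies discussed above (my own example, not code from the thread or from any browser): a toy tokenizer that treats <title> content as RCDATA the way the HTML5 tokenizer does, with an optional switch for the hypothetical "rewind to the next <" recovery. All function names and the two constructed inputs are mine; only <title> and plain start/end tags are modelled.

```javascript
// Toy tokenizer (constructed example). Returns {type: "title", text} for title
// contents, {type: "tag", name} for markup the tree builder would act on, and
// {type: "text", text} for everything else.
function tokenize(html, rewindRecovery) {
  const tokens = [];
  let i = 0;
  while (i < html.length) {
    const lt = html.indexOf("<", i);
    if (lt < 0) { tokens.push({ type: "text", text: html.slice(i) }); break; }
    if (lt > i) tokens.push({ type: "text", text: html.slice(i, lt) });
    const tag = /^<(\/?)([a-zA-Z][a-zA-Z0-9]*)[^>]*>/.exec(html.slice(lt));
    if (tag === null) { tokens.push({ type: "text", text: "<" }); i = lt + 1; continue; }
    i = lt + tag[0].length;
    const name = tag[2].toLowerCase();
    if (tag[1] === "" && name === "title") {
      // RCDATA state: character data up to an appropriate "</title" end tag.
      // A second "<title>" in here is just text, exactly as Nikita observed.
      const end = /<\/title(?=[\s\/>])/i.exec(html.slice(i));
      if (end !== null) {
        tokens.push({ type: "title", text: html.slice(i, i + end.index) });
        const gt = html.indexOf(">", i + end.index);   // consume "</title>"
        i = gt < 0 ? html.length : gt + 1;
      } else if (!rewindRecovery) {
        // Spec behaviour: no end tag, so the whole remainder is inert title text.
        tokens.push({ type: "title", text: html.slice(i) });
        i = html.length;
      } else {
        // Hypothetical recovery from the mail: end the title at the next "<"
        // and hand everything after it back to the markup tokenizer.
        let next = html.indexOf("<", i);
        if (next < 0) next = html.length;
        tokens.push({ type: "title", text: html.slice(i, next) });
        i = next;
      }
    } else {
      tokens.push({ type: "tag", name: (tag[1] === "/" ? "/" : "") + name });
    }
  }
  return tokens;
}

// <script> start tags that reach the tree builder as tags (rather than as
// title text) are the ones that would run.
function executableScripts(html, rewindRecovery) {
  return tokenize(html, rewindRecovery)
    .filter(t => t.type === "tag" && t.name === "script").length;
}

// Constructed inputs mirroring the two documents in the mail.
const CLOSED = '<title><title><script>alert("x");</script> .... </title> ...';
const TRUNCATED = '<title><title><script>alert("x");</script> ...';  // EOF before </title>
```

With the spec behaviour both inputs yield zero executable scripts; with the rewind recovery the truncated document yields one, which is the escalation the mail warns about.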
