Welcome to WebHeadStart.org

Web Technologies

HTML Attributes

HTML Resources

WWW-HTML Mailing List

	Sponsored By
Systems Insight Web Development Consulting

	WebHeadStart.org is currently in beta. Please pardon our appearance as we work to provide you with the most comprehensive reference on today's web technologies.

	Interested in advertising on WebHeadStart? Become an advertising partner today!

[WWW-HTML Mailing List Archive Home] [Messages By Thread] [Messages By Date]

Re: Security Markup

From: Orion Adrian <orion.adrian@gmail.com>
Date: Mon, 21 Aug 2006 08:55:35 -0400
Message-ID: <abd6c8010608210555l28a42e3eua6083e42995df3ac@mail.gmail.com>
To: "HTML Mailing List" <www-html@w3.org>


On 8/21/06, Kornel Lesinski <kornel@osiolki.net> wrote:
>
>
> > <div id="comment123"  nocode="true">
>
> I'm afraid that this would be too easy to bypass:
>
> <div id="comment123"  nocode="true">
>         $comment
> </div>
>
> $comment = '</div><script ...';

Not if you required the comments to be well-formed by themselves.

-- 

Orion Adrian

Received on Monday, 21 August 2006 12:55:45 GMT

This message: [ Message body ]
Next message: Ahmed Saad: "Re: Security Markup"
Previous message: Mark Birbeck: "Re: Security Markup"
Maybe in reply to: Ahmed Saad: "Security Markup"
Next in thread: Bjoern Hoehrmann: "Re: Security Markup"
Reply: Bjoern Hoehrmann: "Re: Security Markup"

Valid XHTML 1.0!

Valid CSS!

Site Map | Privacy Policy | Terms of Use | WebHeadStart.org © 2005 All Rights Reserved.