Posted: Tue Oct 19, 2004 11:14 am
by Kupek
<div style='font: 10pt verdana; text-align: left; padding: 0% 10% 0% 10%; '><b>Link:</b> <a href="http://www.securityfocus.com/archive/1/ ... 10-21/0">http://www.securityfocus.com/archive/1/ ... 10-21/0</a>

This is related to the sloppy code discussion from below: according to this guy's analysis, IE handles pathological HTML, while other browsers crash. (What you should do with invalid HTML is a semi-open question, but it should NEVER cause the browser to crash.)</div>

Posted: Tue Oct 19, 2004 11:12 pm
by Ishamael
<div style='font: 14pt "Sans Serif"; text-align: justify; padding: 0% 15% 0% 15%; '>Bad pointers seem to be one of the biggest culprits. The real problem comes due to the fact that not all browsers handle malformed HTML in the same way. Do you ignore it and move on, do you take a wild stab at it, etc. Then developers start relying on the bugs and then the stuff hits the fan...</div>

Posted: Tue Oct 19, 2004 11:53 pm
by Kupek
<div style='font: 10pt verdana; text-align: left; padding: 0% 10% 0% 10%; '>I think this is a separate issue of how to handle invalid HTML - you have to recognize it's invalid (i.e., not crash or hang) before you can make a decision on what to do with it.</div>

Posted: Sun Oct 24, 2004 2:18 pm
by SineSwiper
<div style='font: 10pt "EngraversGothic BT", "Copperplate Gothic Light", "Century Gothic"; text-align: left; '><b>Link:</b> <a href="http://it.slashdot.org/article.pl?sid=0 ... tid=218">http://it.slashdot.org/article.pl?sid=0 ... tid=218</a>

The big difference is that this will probably get fixed by next week. Major security holes in IE take months for MS to get on their ass to fix. Also, the large thread on IE explains volumes more than we could.</div>

Posted: Sun Oct 24, 2004 2:35 pm
by SineSwiper
<div style='font: 10pt "EngraversGothic BT", "Copperplate Gothic Light", "Century Gothic"; text-align: left; '><b>Link:</b> <a href="https://bugzilla.mozilla.org/show_bug.c ... 64944">Bug 264944 - Crashes found with Zalewski's mangleme (Bugtraq: "browsers, a mini-farce")</a>

Indeed, here's the Bugzilla bug for it.</div>