21 responses to this plurk (Jump to bottom)

• 

  @Kent Apr 05, 2009 06:54PM

  wow, there are *2* unmatched p-tags: paste.plurk.com/show/1859/
• 

  @Kent Apr 05, 2009 07:19PM

  Also: WTF? You mingle \r\n and \n ? do you like misery?
• 

  @Kent Apr 05, 2009 07:20PM

  Also: WTF? Why do some browsers get told "xml:lang='None' lang='None'" ( wtf? ) and others get told 'en-us'
• 

  @Kent Apr 05, 2009 07:20PM

  also, why do you mix <meta/> (self closing) and <meta> ( unclosed ) tags in the Code?
• 

  amix Apr 05, 2009 09:01PM

  most of our HTML is generated - so it's hard to keep it tidy, but I don't really think these are problematic
• 

  @Kent Apr 05, 2009 09:02PM

  my concern was primarily that there might have been some sort of data-driven situation that caused some of these imbalances, and if it was
• 

  @Kent Apr 05, 2009 09:03PM

  then that would be a sign of a possible attack vector
• 

  @Kent Apr 05, 2009 09:22PM

  experiments: ha.ckers.org/xss.js?ext=.jpg
• 

  @Kent Apr 05, 2009 09:25PM

  data://base64:ASDF#.jpg
• 

  @Kent Apr 05, 2009 09:29PM

  +++
• 

  f00li5h Apr 06, 2009 12:23AM

  reminds kentfredric that <p> tags are self ending in html...
• 

  f00li5h Apr 06, 2009 12:24AM

  suggests to amix that having components that generate matched tags makes it a lot easier to ensure tags are matched
• 

  @Kent Apr 06, 2009 07:02AM

  f00li5h, but its XHTML, not HTML . and they're closed, but not opened, and they're closed in the middle of an H1 -_-
• 

  SubStack Apr 06, 2009 01:52PM

  paws at plurk's quirks
• 

  simcop2387 Apr 06, 2009 06:06PM

  doesn't understand how a stray </p> leads to XSS?
• 

  @Kent Apr 06, 2009 06:13PM

  the p isn't the problem.
• 

  @Kent Apr 06, 2009 06:13PM

  just if that P was somehow *generated* by *automated* code in the sanitizer for your profile fields, *then* it might mean something
• 

  @Kent Apr 06, 2009 06:14PM

  if its just static code the worst that could happen is a flow problems