
Safari Improperly Parses HTML Documents & BlogSpot XSS vulnerability






Overview:

Safari may on occasion improperly parse the source of an HTML
document, which can lead to the execution of HTML tags within
comments. This becomes dangerous when input filters allow HTML
tags within comments, as they will get parsed and executed under
certain circumstances.

Details:

In some cases you can cause Apple's Safari browser to execute code
when it should not be executed. In the following example, everything
within the comment should, in theory, never be executed; however,
Safari decides to execute the script tag.

myblog<!--
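
A filter-side mitigation for the behaviour described above, as an added example that is not part of the original advisory: instead of passing comment contents through untouched, it drops comments (including unterminated ones) and escapes every tag outside a small allowlist, so the output contains no comment for a browser to misparse. The allowlist, the function name and the sample inputs are assumptions made for illustration.

```python
import html
import re

# Hypothetical allowlist for a blog text field (an assumption, not from the advisory).
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}

# A comment runs from "<!--" to the first "-->"; an unterminated one runs to
# the end of the input, so nothing after a dangling "<!--" survives.
COMMENT_RE = re.compile(r"<!--.*?(?:-->|\Z)", re.DOTALL)

# After escaping, an attribute-free tag looks like "&lt;b&gt;" or "&lt;/b&gt;".
SIMPLE_TAG_RE = re.compile(r"&lt;(/?)([a-zA-Z][a-zA-Z0-9]*)\s*/?&gt;")


def sanitize(user_html: str) -> str:
    """Return markup that is safe to embed regardless of how the browser
    decides where an HTML comment starts or ends."""
    # 1. Never trust comment boundaries: remove comments and their contents.
    text = COMMENT_RE.sub("", user_html)

    # 2. Escape everything that is left, so any "<" (including a stray
    #    "<!--" produced by the removal above) becomes inert text.
    escaped = html.escape(text, quote=True)

    # 3. Re-enable only bare, allowlisted tags; attributes are never restored.
    def restore(match: re.Match) -> str:
        closing, name = match.group(1), match.group(2).lower()
        if name in ALLOWED_TAGS:
            return f"<{closing}{name}>"
        return match.group(0)

    return SIMPLE_TAG_RE.sub(restore, escaped)


if __name__ == "__main__":
    # Constructed sample inputs (not the advisory's truncated test case).
    samples = [
        "myblog<!-- <script>alert(1)</script> -->",
        "myblog<!-- <script>alert(1)</script>",
        "<b>hi</b><!-- note --> there",
        "<script>x</script>",
    ]
    for s in samples:
        print(repr(s), "->", repr(sanitize(s)))
```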
