on Thu, Nov 24, 2005 at 03:50:04AM +0100, Will Wesley wrote: > > --- Richard Fuchshuber <richardfuch@xxxxxxxxxxxx> > schrieb: > > <? > > <TABLE border="1" cellspacing="1" cellpadding="0"> > > <TR>Your profile is out of date, please update <a > > href="www.blabla.com">clicking here.</a></TR> > > </TABLE> <snip> > The real problem is that you are injecting a TR > element into the middle of a TD, then closing the > table without first closing the TD. Any web developer > who would do such a thing is a moron, and your browser > does the best it can to make sense of it. You might > try asking Yahoo how to turn HTML off, or simply use > POP with a text only reader to work around this. I think you missed the point. He's actually just inserting ill-formed markup into the document flow and the browsers do react in the ways he described to such markup. As such, the problem exists. Calling out moron Web designers doesn't help much here. In HTML 3.2 and 4.0, for example, an open TD tag is required, so when non-markup text follows a start TR tag, the browser doesn't know how to deal with that text and places it out of the table's document flow, which has the result of throwing it further up the page, outside /and preceding/ the table in which it was found. This is a well-known problem to Web designers (who used to use it to troubleshoot complex table-based page layouts), but it doesn't mitigate its importance to those concerned with preventing XSS. Steve -- hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/
