Closed
Bug 167554
Opened 22 years ago
Closed 22 years ago
Textarea has inconsistent treatment of comments (possible exploit)
Categories
(Core :: DOM: HTML Parser, defect)
RESOLVED
INVALID
People
(Reporter: levik, Assigned: harishd)
Details
(Keywords: compat)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1) Gecko/20020826
A textarea containing an HTML comment will render it as plaintext (you will see the actual tag). However, a malformed comment tag, where the comment is open but never closed, will be interpreted as the beginning of a comment block, and never terminating, resulting in not rendering any content following the textarea.
This is obviously a huge problem for dynamic sites where users can enter text to be rendered in the textarea.
I was under the impression that the only HTML recognized in a textarea is a closing </TEXTAREA> tag. This is supported by the fact that fully formed comments are displayed inside of a textarea, and not suppressed.
See the testcase URL and compare Moz behavior to IE.
Reproducible: Always
Steps to Reproduce: 1. 2. 3.
Comment 1•22 years ago
well... character entities are also allowed inside a textarea. So its contents _do_ need to be parsed as HTML. It's not clear to me from the HTML spec whether comments are allowed inside textareas, but you should be escaping '<' in any case (what's to prevent a user from typing '</textarea>'?)
Assignee: jkeiser → harishd
Component: HTML Form Controls → Parser
QA Contact: tpreston → moied
Whiteboard: DUPEME
Comment 2•22 years ago
lev: The behavior you describe is closer to that of an element with CDATA declared content, which <textarea> is not. If "<!-- comment -->" displays in a textarea, that's a bug; it should be escaped as "&lt;!-- comment -->", markup recognition in textareas being normal...
Comment 3•22 years ago
Yes, this is invalid. Convert the "<" to "&lt;" in the textarea and you'll be fine.
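The escaping recommended in the comments above, as an added example that is not part of the bug thread or of Mozilla's code: a Python sketch that escapes user text before placing it in a textarea, then parses the result to confirm the text comes back unchanged and the content after the textarea is still seen. The names render_textarea, round_trip and SAMPLES are hypothetical, and the sample inputs are constructed.

```python
import html
from html.parser import HTMLParser

def render_textarea(name, value):
    """Emit a textarea whose body cannot open a comment or close the element."""
    # html.escape rewrites & first, then < and >, so user text that already
    # contains "&lt;" is shown literally instead of being decoded to "<".
    return '<textarea name="{}">{}</textarea>'.format(
        html.escape(name, quote=True), html.escape(value, quote=False))

class _Probe(HTMLParser):
    """Collects the text inside the textarea and the text that follows it."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.inside = False
        self.value, self.after = [], []

    def handle_starttag(self, tag, attrs):
        if tag == "textarea":
            self.inside = True

    def handle_endtag(self, tag):
        if tag == "textarea":
            self.inside = False

    def handle_data(self, data):
        (self.value if self.inside else self.after).append(data)

def round_trip(value):
    """Return (text seen inside the textarea, text seen after it)."""
    probe = _Probe()
    probe.feed(render_textarea("comment", value) + "<p>rest of page</p>")
    probe.close()
    return "".join(probe.value), "".join(probe.after)

# Constructed inputs covering the cases raised in this bug.
SAMPLES = [
    "<!-- comment -->",        # well-formed comment
    "<!-- never closed",       # unterminated comment from the report
    "</textarea><b>bold",      # end tag typed by the user (comment 1)
    "AT&T &lt; literal text",  # text that already looks like an entity
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", render_textarea("comment", s), round_trip(s))
```
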