Closed
Bug 215622
Opened 21 years ago
Closed 20 years ago
HTML numeric entities overflow
Categories
(Core :: DOM: HTML Parser, defect)
RESOLVED
WONTFIX
People
(Reporter: metaur, Assigned: harishd)
Details
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; tekaz)
Build Identifier:

HTML's numeric entities overflow at 2 ** 32, 2 ** 64 and so on. This means that there is an infinite number of entities that Mozilla will interpret as a colon for instance (58, 58 + 2 ** 32, 58 + 2 ** 64..).

Reproducible: Always

Steps to Reproduce:
1. Create an HTML document with bignum numeric entities.
2. View it in Mozilla.
3.

Actual Results:
It showed the characters with the value given in the lowest 32 bits of the numeric value.

Expected Results:
Ignore it, show it as text, show it as a question mark..
Comment 1•21 years ago
Can you attach the minimum testcase that shows the error via the "create a new attachment" link above?
Comment 2•21 years ago
Um.. why should they not overflow? The code in question is invalid HTML; the error-handling is undefined. So we should do something that makes sense is all... What do other browsers do?
Reporter
Comment 3•21 years ago
I have posted a short test document here: http://lists.insecure.org/lists/webappsec/2003/Jul-Sep/0047.html

This bignum entity thing works in Mozilla, Galeon, Opera and w3m - but not in Internet Explorer, Lynx, Elinks and Konqueror.

One of the reasons why I dislike this bignum entity behaviour is that it makes it harder to process HTML code correctly, if you want to write an HTML filter and remove bad constructs in web applications for instance.

// Ulf Harnhammar metaur@operamail.com
Comment 4•20 years ago
Marking as WONTFIX. I don't see a point in changing our behavior on this invalid HTML. If you need to look for these constructions, you should reject the lowest common denominator anyway (and more than one browser does this).
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WONTFIX
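The filter-side handling this thread points to, as an added example that is not part of the bug report or of Mozilla's code: numeric references whose value is outside the Unicode range are neutralised before any parser can wrap them, and in-range ones are rewritten to a single canonical spelling. The function names and the sample string are constructed for illustration, and `wrapped_value` only models the low-32-bit behaviour the reporter describes.

```python
import re

# Decimal (&#58;) and hexadecimal (&#x3A;) numeric character references.
# The trailing semicolon is optional because lenient parsers accept its absence.
NUMERIC_REF = re.compile(r"&#(?:[xX]([0-9a-fA-F]+)|([0-9]+));?")
MAX_CODE_POINT = 0x10FFFF  # highest Unicode code point


def wrapped_value(value, bits=32):
    """Value seen by a parser that keeps only the low `bits` bits (model of the report)."""
    return value & ((1 << bits) - 1)


def ref_value(match):
    """Integer value of a reference, or None when it has too many digits to be valid."""
    hex_digits, dec_digits = match.groups()
    digits = (hex_digits or dec_digits).lstrip("0") or "0"
    if len(digits) > 7:  # 1114111 (0x10FFFF) has 7 digits; never convert huge inputs
        return None
    return int(digits, 16 if hex_digits else 10)


def is_valid_code_point(value):
    """True only for a real character: not NUL, not a surrogate, not out of range."""
    return (value is not None and 0 < value <= MAX_CODE_POINT
            and not 0xD800 <= value <= 0xDFFF)


def sanitize_numeric_refs(html_text):
    """Return (text, rejected): valid refs canonicalised, invalid ones shown as text."""
    rejected = []

    def replace(match):
        value = ref_value(match)
        if is_valid_code_point(value):
            return "&#%d;" % value          # one spelling for later filter stages
        rejected.append(match.group(0))
        return "&amp;" + match.group(0)[1:]  # escape '&' so nothing decodes it

    return NUMERIC_REF.sub(replace, html_text), rejected


# Constructed sample: the colon (58) and the two aliases named in the report.
SAMPLE = "a&#58;b &#%d; &#%d; &#x3a" % (58 + 2**32, 58 + 2**64)
if __name__ == "__main__":
    print(sanitize_numeric_refs(SAMPLE))
```

Running the sanitiser before any blocklist check means the check sees the same characters in every browser listed in comment 3, whether or not that browser wraps large values.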