Closed Bug 215622 Opened 22 years ago Closed 21 years ago

HTML numeric entities overflow

Categories

(Core :: DOM: HTML Parser, defect)

x86
Linux
defect
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: metaur, Assigned: harishd)

Details

User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; tekaz) Build Identifier: HTML's numeric entities overflow at 2 ** 32, 2 ** 64 and so on. This means that there is an infinite number of entities that Mozilla will interpret as a colon for instance (58, 58 + 2 ** 32, 58 + 2 ** 64..). Reproducible: Always Steps to Reproduce: 1. Create an HTML document with bignum numeric entities. 2. View it in Mozilla. 3. Actual Results: It showed the characters with the value given in the lowest 32 bits of the numeric value. Expected Results: Ignore it, show it as text, show it as a questionmark..
can you attach the minimum testcase that shows the error via "create a new attachment" link above ?
Um.. why should they not overflow? The code in question is invalid HTML; the error-handling is undefined. So we should do something that makes sense is all... What do other browsers do?
I have posted a short test document here: http://lists.insecure.org/lists/webappsec/2003/Jul-Sep/0047.html This bignum entity thing works in Mozilla, Galeon, Opera and w3m - but not in Internet Explorer, Lynx, Elinks and Konqueror. One of the reasons why I dislike this bignum entity behaviour is that it makes it harder to process HTML code correctly, if you want to write an HTML filter and remove bad constructs in web applications for instance. // Ulf Harnhammar metaur@operamail.com
Marking as WONTFIX. I don't see a point in changing our behavior on this invalid HTML. If you need to look for these constructions, you should reject the lowest common denominator anyway (and more than one browser does this).
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.