Closed Bug 278055 Opened 20 years ago Closed 20 years ago

Incorrect HTML parsing. (Sorry for my poor English :)

Categories

(Core :: DOM: HTML Parser, defect)

x86
Windows 2000
defect
Not set
normal

RESOLVED DUPLICATE of bug 236002

People

(Reporter: cbin81, Unassigned)

Details

It seems that Firefox cannot parse HTML correctly when it encounters HTML tags like <Button*> or <Body*>. It seems to treat <Body*> as <Body[a Space]> and IE doesn't. So an HTML file like this:
<body* onload="alert(123)">asdfa</body>
will show an alert window when loaded in Firefox, but doesn't in IE. If someone builds a file that does something harmful in the "onload" section ..., IE users will be glad to see this won't affect them :)
I'm using Firefox v1.0 (Simplified Chinese version). Its About box says: Mozilla/5.0 (Windows; U; Windows NT 5.0; zh-CN; rv:1.7.5) Gecko/20041124 Firefox/1.0
My OS is Windows 2000 Pro Simplified Chinese version with SP4. Hope this is not my fault :) I LIKE THE LOVELY FIREFOX!!
I assume you're referring to the first comment at the above URL, http://www.codeproject.com/vcpp/gdiplus/gdiplushelper.asp?df=100&forumid=3952&select=831778#xx831778xx In that case the HTML angle brackets should have been escaped, or the "do not treat <'s as HTML tags" checkbox should have been checked when that site comment was entered. The layout issue on the page is a site/author problem: Even if <Button*> were not recognized as a button we would still hide the unknown tag when displaying. If someone knew how to program something harmful it's not the "*" parsing that will allow for it. Clearing security confidential flag. I'm not sure of the technical HTML parsing specs so I'll bump this over to them to evaluate.
Assignee: firefox → parser
Group: security
Component: General → HTML: Parser
Product: Firefox → Core
QA Contact: general → mrbkap
Version: 1.0 Branch → Trunk
I'm marking this as a duplicate of bug 236002, since the remaining compat. issue with IE was fixed by that bug.
*** This bug has been marked as a duplicate of 236002 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
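
The disagreement the reporter describes (one parser reading <body* as a body tag, another not) can be checked for mechanically. The following is an added example, not code from this bug or from Mozilla; both tag-name models are simplified assumptions, and all function names and the sample input are constructed for illustration.

```javascript
// Two simplified models of where a tag name ends. Neither is Gecko's or
// IE's real parser code; they only reproduce the disagreement in the report.

// Model A (assumed from the report): the name ends at the first character
// that is not a letter or digit, so "<body*" names the element "body".
function lenientTagName(tag) {
  const m = /^<\/?([A-Za-z][A-Za-z0-9]*)/.exec(tag);
  return m ? m[1].toLowerCase() : null;
}

// Model B: the name runs until whitespace, "/" or ">", so "<body*" names
// an unknown element "body*" and is not a body tag.
function strictTagName(tag) {
  const m = /^<\/?([A-Za-z][^\s\/>]*)/.exec(tag);
  return m ? m[1].toLowerCase() : null;
}

// Return every tag in `html` on which the two models disagree.
// The tag regex is deliberately simple: it does not handle ">" inside
// attribute values, comments or script bodies.
function findDifferentials(html) {
  const findings = [];
  const tagRe = /<\/?[A-Za-z][^>]*>/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const lenient = lenientTagName(m[0]);
    const strict = strictTagName(m[0]);
    if (lenient !== strict) {
      findings.push({ offset: m.index, tag: m[0], lenient, strict });
    }
  }
  return findings;
}

// Constructed sample; the first tag is the one quoted in the report.
const sample =
  '<body* onload="alert(123)">asdfa</body><p class="x">ok</p><Button*>go</Button>';

for (const f of findDifferentials(sample)) {
  console.log(`offset ${f.offset}: ${f.tag} -> "${f.lenient}" vs "${f.strict}"`);
}
```

A filter that makes decisions by tag name should escape or reject any tag the two models disagree on rather than pick one interpretation.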