User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Story: I started running IIS and wanted to put up a web page, but I'm a 'n00b' as they say. I made a bunch of errors, mostly in putting ending tags (IE I put "<title> fdshesjfhesjkdsf" WITHOUT the "</title>" ending tag). Well, I could still view the page perfectly, but people using IE could not. I eventually fixed the problem, but it occured to me: if it's running bad code, isn't that a security flaw? Maybe I'm wrong, but if the code is bad, shouldn't it display an error, instead of a fine site. P.S. Although I fixed the error on my site, I've deleted the '</title>' tag intentionally, to reproduce the error, just for you guys. Reproducible: Always Steps to Reproduce: 1. Access the site via Mozilla. It works! (read the source code!) 2. Access the site via IE. (And read source code) Actual Results: The page displayed in Mozilla fine. But in Internet Explorer, it didn't display at all. But you could read the source code in IE still. Note: Others got this error as well when viewing my site. Expected Results: I'm not an expert but I ASSUME that if the site has bad code, the browser should give an error message instead of automagically displaying the site.
Not a security bug (there is no exploit described). INVALID. Error handling is not a bug. It's a feature. If we were to report every error instead of trying to "muddle on through", we'd end up not displaying 99% of the Web, which would be a bit of a problem.
It's far more common people test their site in IE and have it not render correctly in Mozilla -- each browser handles non-standard HTML with different quirks for historical reasons. Try some of the validators out there, although even validated code can render differently in different browsers.