Closed
Bug 297143
Opened 19 years ago
Closed 19 years ago
Possible security flaw in handling of code...
Categories
(Firefox :: General, defect)
Tracking
()
VERIFIED
INVALID
People
(Reporter: sun_burn_135, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4 Story: I started running IIS and wanted to put up a web page, but I'm a 'n00b' as they say. I made a bunch of errors, mostly in putting ending tags (IE I put "<title> fdshesjfhesjkdsf" WITHOUT the "</title>" ending tag). Well, I could still view the page perfectly, but people using IE could not. I eventually fixed the problem, but it occured to me: if it's running bad code, isn't that a security flaw? Maybe I'm wrong, but if the code is bad, shouldn't it display an error, instead of a fine site. P.S. Although I fixed the error on my site, I've deleted the '</title>' tag intentionally, to reproduce the error, just for you guys. Reproducible: Always Steps to Reproduce: 1. Access the site via Mozilla. It works! (read the source code!) 2. Access the site via IE. (And read source code) Actual Results: The page displayed in Mozilla fine. But in Internet Explorer, it didn't display at all. But you could read the source code in IE still. Note: Others got this error as well when viewing my site. Expected Results: I'm not an expert but I ASSUME that if the site has bad code, the browser should give an error message instead of automagically displaying the site.
Comment 1•19 years ago
|
||
Not a security bug (there is no exploit described). INVALID. Error handling is not a bug. It's a feature. If we were to report every error instead of trying to "muddle on through", we'd end up not displaying 99% of the Web, which would be a bit of a problem.
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Updated•19 years ago
|
Status: RESOLVED → VERIFIED
Comment 2•19 years ago
|
||
It's far more common people test their site in IE and have it not render correctly in Mozilla -- each browser handles non-standard HTML with different quirks for historical reasons. Try some of the validators out there, although even validated code can render differently in different browsers.
You need to log in
before you can comment on or make changes to this bug.
Description
•