cc'ing a few people who might know if this is a requirement. While this is a legitimate security concern, in the end it's up to websites not to allow dangerous content to be uploaded to their sites, and this includes META tags. If we would break a lot of sites by disallowing META tags in the document body, then we probably shouldn't do it, but I'll try to find out if this is so.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
COnfirmed - this works as described. Changing description for clarity.
Severity: major → normal
Priority: -- → P2
Summary: <META> tag is allowed outside message body → <META> tag is allowed inside <body>
Target Milestone: --- → mozilla0.9.5
time marches on. Retargeting to 0.9.6.
Target Milestone: mozilla0.9.5 → mozilla0.9.6
Apparently we can't stop accepting META tags in the body without breaking a bunch of sites. As it's ultimately the sites' responsibility to watch out for things like this, this bug will have to be wontfix.
Status: ASSIGNED → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → WONTFIX
Marking verified wontfix as per above developer comments.
Status: RESOLVED → VERIFIED
*** Bug 200399 has been marked as a duplicate of this bug. ***
*** Bug 267180 has been marked as a duplicate of this bug. ***
I submitted bug 200399 which is slightly different in that META tags without a closing bracket are interpreted. This is more of a security issue than it would first seem, since most HTML filters only filter s!<.*?>!!g or something similar, but bug 200399 allows this even without the closing bracket, such as: <meta http-equiv="REFRESH" CONTENT=0;URL='http://mozilla.org/'
You need to log in before you can comment on or make changes to this bug.