[Esd-l] Removal of HTML comments

John D. Hardin jhardin at impsec.org
Sat Jan 18 09:30:00 PST 2003


On Sat, 18 Jan 2003, Bill Larson wrote:

> How long do you think it will be once a virus writer realizes that
> they can bypass things like the sanitizer using this method that
> it will take for a virus of this nature to appear? I know I would
> much rather be proactive than retroactive.

I don't think it's too likely. Bypassing the sanitizer using embedded
comments would be something along the lines of:

	<SCR<!-comment-->IPT>

...and that wouldn't work. An HTML script has to be valid HTML. The
HTML parser doesn't pull out comments before parsing for other tags.
(Of course, bonehead design like that *would* allow the sanitizer to
be bypassed.)

Let me think about it a bit.

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
-----------------------------------------------------------------------
   654 days until the Presidential Election
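
The ordering issue discussed in this message, as an added example that is not part of the original post or of the sanitizer's own code. Python's html.parser stands in for a conforming HTML parser; the regexes, function names and sample string are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

COMMENT = re.compile(r"<!--.*?-->", re.DOTALL)
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)

class TagNames(HTMLParser):
    """Collect start-tag names the way a conforming parser tokenizes them."""
    def __init__(self):
        super().__init__()
        self.names = []

    def handle_starttag(self, tag, attrs):
        self.names.append(tag)

def parsed_tags(html):
    """Return the start-tag names seen when comments are NOT removed first."""
    parser = TagNames()
    parser.feed(html)
    parser.close()
    return parser.names

def strip_comments(html):
    """Remove comments repeatedly until the text stops changing."""
    prev = None
    while prev != html:
        prev, html = html, COMMENT.sub("", html)
    return html

def scan_then_strip(html):
    """Weak order: scan the input, strip comments after, never re-check."""
    flagged = bool(SCRIPT_TAG.search(html))
    return flagged, strip_comments(html)

def strip_then_scan(html):
    """Safe order: strip comments first, then scan the text actually delivered."""
    delivered = strip_comments(html)
    return bool(SCRIPT_TAG.search(delivered)), delivered

# Constructed sample: the message's example with a well-formed comment.
SAMPLE = "<SCR<!--comment-->IPT>"

if __name__ == "__main__":
    print("parser sees tags:", parsed_tags(SAMPLE))
    print("scan then strip :", scan_then_strip(SAMPLE))
    print("strip then scan :", strip_then_scan(SAMPLE))
```

A sanitizer that removes comments has to run its tag checks on the comment-free output, since that is the text the recipient's client will parse.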


