[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Exploits in websites due to buggy input validation where mozilla is at fault as well as the website.
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] Exploits in websites due to buggy input validation where mozilla is at fault as well as the website.
- From: Nick FitzGerald <nick@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 16 Jul 2004 03:03:54 +1200
Barry Fitzgerald wrote:
> I think that the best solution might be to display a dialogue box before
> it tries to fix the tags stating that the page contains potentially
> unsafe incomplete tags and asking whether the browser should repair them
> or not.
Nope -- _VERY_ bad idea.
Idiot users want to blow both their feet off.
Asking them "do you want a chance to blow your feet off?" only slows
the inevitable slightly, never prevents it.
The correct solution to all such problems is simply to reject the
content as malformed. And guess what will happen when you do that?
Several really crappy web design products will disappear because the
folk using them will drop them because no-one can see their pages _and_
the rest will suddenly become very inetrested in producing properly
compliant content, as they should have been from the outset.
Playing "guess what the moron really meant" is a recipe for being
screwed, so let's get over the previous "need" to "see it at all cost"
and get some sense back into what folk are doing...
Regards,
Nick FitzGerald
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html