Sam Varshavchik wrote: >
Although in the rest of the world, any <!-- comment --> in HTML gets
> ignored, with MSIE a specially formatted HTML comment can get processed > as regular HTML code, with scripting, et al:
http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/overview/ccomment_ovw.asp
Oh, they do server side includes on the client! And, yes, on that page they claim that the content is not downloaded when the conditional is false...
The other stuff in the patch is because it's cumulative, and includes last week's fix for a different issue.
E.g. checking &xxx entities terminate with `;'? But there's no _hot_ security concern, is there? ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
