So you can convert the "<script>" to something else... Well, never mind.
☆PhistucK On Wed, Nov 11, 2009 at 11:02, Mathias Wagner <[email protected]>wrote: > On 11 Nov., 07:14, PhistucK <[email protected]> wrote: > > .. you can simply not put them in a "<script>". > > So, what was your intention? > > Imagine a Website like a blog where you have code coming from you and > then the "evil" comments. And you don't trust your blog software to > filter all possible XSS attacks. Then you could put the HTML part with > the comments within jail tags. > You are right if you say why not just make it the other way round and > this is indeed part of my work. But to achieve safety in terms of XSS > attacks the common script tag would not be enough. It would have to be > a tag like > <nojail hash="blub"> > my secure java-script code > </nojail hash="blub"> > > -- > Chromium Discussion mailing list: [email protected] > View archives, change email options, or unsubscribe: > http://groups.google.com/group/chromium-discuss > -- Chromium Discussion mailing list: [email protected] View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-discuss
