XSS injection vulnerability using empty, undelimited attributes #19
Comments
Hmm, is this a bug in HTMLParser2?
On Thu, Jul 17, 2014 at 10:45 AM, jimmed notifications@github.com wrote:
THOMAS BOUTELL, DEV & OPS
I am surprised that this doesn't show up as two attributes in the data
One way we can deal, though, is by making sure there are no unescaped
On Thu, Jul 17, 2014 at 11:06 AM, Tom Boutell tom@punkave.com wrote:
THOMAS BOUTELL, DEV & OPS
Closed this issue, see pull request #20
Entering the following:
produces the following:
This is definitely invalid HTML, but would suggest that it's being interpreted incorrectly by the parser. I would expect: