Open GoogleCodeExporter opened 9 years ago
Confirmed bug - the > got lost during editing. Will be re-added asap. Thanks
again!
Should be:
<!--[if true && ><script>alert(1)</script>]->
000
<!--[endif]->
Original comment by Mario.He...@googlemail.com
on 23 Dec 2010 at 1:55
Original comment by sirdarckcat
on 23 Dec 2010 at 6:15
I think the last example will not work (IE8 any modes).
[quote]We can of course also utilise a single > to break out the conditional
comment...[/quote]
The problem is that when IE encounters ">" inside the section [if ...] it
starts to be parsed this comment as a normal HTML-comment.
Oh, I already feel myself like a troll.
Original comment by pinkoblo...@gmail.com
on 23 Dec 2010 at 6:16
Tested positive on my IE8 (same as in #2) - maybe a similar issue?
Original comment by Mario.He...@googlemail.com
on 23 Dec 2010 at 6:34
It is clear again. The last example will only work if on page is missing "-->"
below. In my testcase "-->" exist.
http://olo-olo-lo.narod.ru/test_4.html
Original comment by pinkoblo...@gmail.com
on 23 Dec 2010 at 7:28
Added to the Errata:
http://code.google.com/p/web-obfuscation/wiki/Errata#Page_52_-_Advanced_markup_o
bfuscation
Original comment by sirdarckcat
on 24 Dec 2010 at 12:58
Updated Errata
Original comment by sirdarckcat
on 24 Dec 2010 at 1:01
Original issue reported on code.google.com by
pinkoblo...@gmail.com
on 22 Dec 2010 at 8:08