Erratum: </script]

[GoogleCodeExporter]

In which chapter/section/page number?

HTML/Advanced markup obfuscation/52

What is the existing content?

<!--[if true && ><script>alert(1)</script]->
000
<!--[endif]->

What is the correct content (optional)?

???

Comments

</script]  <-- ???

Original issue reported on code.google.com by pinkoblo...@gmail.com on 22 Dec 2010 at 8:08

[GoogleCodeExporter]

Confirmed bug - the > got lost during editing. Will be re-added asap. Thanks 
again!

Should be:

<!--[if true && ><script>alert(1)</script>]->
000
<!--[endif]->

Original comment by Mario.He...@googlemail.com on 23 Dec 2010 at 1:55

• Changed state: Accepted

[GoogleCodeExporter]

Original comment by sirdarckcat on 23 Dec 2010 at 6:15

• Added labels: Priority-High, Type-Defect

[GoogleCodeExporter]

I think the last example will not work (IE8 any modes). 

[quote]We can of course also utilise a single > to break out the conditional 
comment...[/quote]

The problem is that when IE encounters ">" inside the section [if ...] it 
starts to be parsed this comment as a normal HTML-comment.

Oh, I already feel myself like a troll.

Original comment by pinkoblo...@gmail.com on 23 Dec 2010 at 6:16

[GoogleCodeExporter]

Tested positive on my IE8 (same as in #2) - maybe a similar issue? 

Original comment by Mario.He...@googlemail.com on 23 Dec 2010 at 6:34

[GoogleCodeExporter]

It is clear again. The last example will only work if on page is missing "-->" 
below. In my testcase "-->" exist.

http://olo-olo-lo.narod.ru/test_4.html

Original comment by pinkoblo...@gmail.com on 23 Dec 2010 at 7:28

[GoogleCodeExporter]

Added to the Errata:
http://code.google.com/p/web-obfuscation/wiki/Errata#Page_52_-_Advanced_markup_o
bfuscation

Original comment by sirdarckcat on 24 Dec 2010 at 12:58

[GoogleCodeExporter]

Updated Errata

Original comment by sirdarckcat on 24 Dec 2010 at 1:01

• Changed state: Started