Jonah Kowall wrote, > I don't consider this a bug in FW-1, but a bug in the products > navigator, and internet explorer. These tags shouldn't be > parsed, because they are malformed. The firewall is stripping > tags properly, but since these tags are malformed you can't > expect the firewall to be able to recognize them as valid > tags. I disagree ... Strictly speaking the _tags_ aren't malformed. The the loose '<' preceeding the tag renders the document as a whole non- well formed, which, according to the HTML REC, means that all bets are off and user agents are allowed to interpret the doc as they please. Most browsers will make an effort to try and make sense of HTML crud like this rather than rejecting it completely. That's reasonable given how much junk there is out there which passes for HTML. The upshot is that any firewall product which attempts to interpret the stuff which passes through it has to be sensitive to the way that the end recipent is likely to behave. If it can't cope with the way browsers quite legitimately handle stuff that's strictly speaking broken, then it simply isn't up to snuff and should be fixed; or it should only pass stuff which is valid (which means it'd have to validate on the fly); or it shouldn't claim to be a 100% reliable filter. Cheers, Miles -- Miles Sabin Cromwell Media Internet Systems Architect 5/6 Glenthorne Mews +44 (0)20 8817 4030 London, W6 0LJ, England msabinat_private http://www.cromwellmedia.com/
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:32:56 PDT