-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, This is about IE6 (othersIE versions?) crashing after loading an html page with a password input field with a value=" " option containing 1,000,000 X's (value option means that it will put that in the field when you load the page). I have tested this myself with a simple html file containing maxlength <INPUT Name="PasswordProvided" Value="xxxxx... Size="1000000" MAXLENGTH="1000000"> <INPUT Name="PasswordProvided_required" Type="HIDDEN" Value="You must provide a password."> Note that I forgot to end the value with ", so size= should be seen as part of the value in IE6, and the rest should create an error/warning when loading the page. I've received several reports of the page loading ok in windows 98, but that it crashes and consumes 100% cpu in windows2000/winxp (the page never crashed in win98 but always in win2k/winxp). I`m not sure what to do with this information. I`m just a computer science student with a interest in security. Can anyone tell what to do to test this further? And I would appreciate it if other would try loading a similar page and mail the result. Philip Wagenaar -----BEGIN PGP SIGNATURE----- Version: PGP Personal Security 7.0.3 iQA/AwUBO/h8ss4JcipDIO8UEQLRaACgvd9eJxclRShJxxp1NiP3r5EWzuoAn0RU Xw/lLXr087tYGrOvwR84MBHL =ohSj -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Sun Nov 18 2001 - 21:41:12 PST