WebApp Sec mailing list archives
HTML entity bignums
From: Ulf Harnhammar <ulfh () update uu se>
Date: Tue, 29 Jul 2003 14:26:25 +0200
I have found that some popular web browsers allow big numbers to be used in HTML's numeric entities. The programs in question store character values in 32 bits, so the characters 58, 58 + (2 ** 32), 58 + (2 ** 64) and so on are all colons to them. This is useful to know, when you work on HTML filters. For instance, you can't match colons with the regular expression ":|�*58;|&#[Xx]0*3[Aa];", as there are lots of larger numbers that will also be interpreted as that character. I have been able to reproduce this entity bignum behaviour with recent versions of Mozilla, Galeon, Opera and w3m - but not with recent versions of Internet Explorer, Lynx and Elinks. // Ulf Harnhammar kses - PHP HTML/XHTML filter http://sourceforge.net/projects/kses <html> <head> <title>HTML entity bignums</title> </head> <body> <h1>HTML entity bignums</h1> <h2>Three A's</h2> <p> � � � </p> <h2>A JavaScript link</h2> <p> <a href="������������������������">Click me!</a> </p> </body> </html>
Current thread:
- HTML entity bignums Ulf Harnhammar (Jul 29)
- Re: HTML entity bignums Ingo Struck (Jul 29)
- Global Web App Security Sity Pessoft (Jul 30)
- <Possible follow-ups>
- Re: HTML entity bignums Ulf Harnhammar (Jul 30)
- Re: HTML entity bignums Ingo Struck (Jul 30)
- Re: HTML entity bignums Ulf Harnhammar (Jul 31)
- Re: HTML entity bignums Ingo Struck (Jul 29)