HTML Rendering Crashes IE

SlimySlimy writes "According to this article on Secunia, a new IE exploit was found that crashes almost any version of Internet Explorer past 4.0 with just 5 lines of plain HTML code (no JavaScript, ActiveX, etc.). If you're very brave, you can test/crash your IE by going here." There's also a note on SecurityFocus.

Wonder if that works deeper in a page

[ShieldW0lf]

Could wreak havoc in html-enabled forums

input type _____

[BoBathan]

Seconds after reading this, I tried this out on my own, slightly modified.

input type giveBoBathan$1,000,000USD

Unfortunatly, Microsoft must have known of this potential exploit. :(

--Travis

Re:input type _____

[Scarblac]

Try $999,999. They can't have thought of everything!

So is IE 5.1.6 on OS 9.XX

[Rxke]

Heh. Thank you so much for porting a better IE to the Mac, Billy...

Where is this IE you speak of?

[westyvw]

I have looked all over my computer for this IE thingy you all speak of. I cant find it anywhere. I typed "whereis ie" in the console but nothing turned up. I typed find / -name IE and again nothing. I looked for a man page found none. I clicked on the gear icon thing and looked though the programs installed I dont have it. So I typed apt-get IE. No luck. Must be some obscure piece of software that I cant find. Guess I am better of WITHOUT IT!

Re:Where is this IE you speak of?

[fenix+down]

Congratulations! You're the most intelligent post on this thread!
*CUE MUSIC*
There she is... la la blah whateveerrr...

Its now my new homepage!!

[stonezone]

what fun, just set it to your homepage, then have it restart explorer automatically once you send in the error report. Hours of fun for the bored slashdotters....

Couldn't resist.

[jkitchel]

Who else couldn't resist from clicking on the link that would crash IE?

Re:Couldn't resist.

[UnknownQ]

Who else couldn't resist from clicking on the link that would crash IE?

I couldn't, but then again I have Mozilla 1.3. I typed "BWAHAHAHAHAHA!" in the resulting text box.

Re:OS X IE Is Unaffected

[petecarlson]

When I clicked the crash link,Explorer crashed but then relaunched all by itself. First time I have ever seen that happen.
Running IE 6 on 2000 pro.
guess I have to fire up Mo*illa to see what the lines of html are.

# There is a key broken on my laptop and I am not
# getting out of bed at four in the morning to
# plug in the keyboard

Re:what happens?

[miguel_at_menino.com]

It generates an e-mail to Steve Balmer.

That's why he freaks out sometimes and starts screaming DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS!!

Re:Hah! I've got something that will crash IE also

note: there is a bogus semicolon after the /td when I preview this post... it shouldn't be there, but I can't get rid of it.

does IE crash when you use backspace?

What I really want to see...

[weave]

I want to see some simple HTML code that will crash a spammer's email harvesting web crawler. Now THAT would be "News.*that matters..."

Aren't you people missing something?

[madmarcel]

Whats wrong with you people?

This is a *SPLENDID* way to keep internet exploder (l)users away from webpages.

You don't want the average person to visit your website? smiple, insert 1 wee little line of code, et voila, bob's your uncle.

Come to think of it...if /. were to use this code/bug/feature, would that keep the trolls away?
(Hah! syeah right! Wishfull thinking ;^)

<wonderful dream>
It'll take 6 months before micro$oft fixes the problem, so that'll give the rest of us six months of troll-free slashdot happiness :P

<reality>
Having said that, I'm using Exploder on WinMe to submit this post - but mind you, it's the first time in 2 months I've been anywhere near windows - and yes, thats a real bug, it did crash - exploder only though...I figured windows would keel over with it. How eh...dissappointing ;)

Ironic thoughts for the day:
1) this IE bug WILL become a feature.
<insert appropriate marketspeak here>
2) This post will get rated 'Troll' :P

Re:OS X IE Is Unaffected

It seems that IE 5.x on MacOS X is not affected by this.

I've had it. I'm switching.

<input type crash> will crash the browser...

[eet23]

... and will email it to all your friends as well.

Re:Opera and Mozilla are not affected.

[spectral]

And the funny part is, you only need the input line. So therefore putting something like this on your page: <a href="about:<input type die>">Click here</a> to crash IE. will also work. Though it kind of gives it away how it works if you look at the status bar. Too bad /.'s filter won't let me post that link properly. Bleh. :)

Get the Fix!

[DarkHelmet]

Windows Update:

BugFix Q3823982

This patch solves a vulnerability with Microsoft Internet Explorer Versions 4.0, 5.0, 5.5 and 6.0. A missing validation allowed snippits of code such as <form><input type cras.....

-----

This program has had a critical error and must be shut down...

This is correct behavior

[Christian+Schladetsc]

// html_parser.cpp,v (C) 1990- Microsoft #include "html/parser.h" template void html_block(II F, II L) { for (; F != L; ++F) if (tag(*F)()) for (++F; F != L; ++F) if (tag(*F)::Type::val == Type::Crash) __asm int 3; } OK, they didnt use meta-programming C++ techniques, but there's code similiar to that in the IE source. This HTML rudely crashes IE: I didnt make that up. That's the actual contents of the html code that when processed by the HTML parser in IE crashes it. Its safe to look at here, because its not being processed by the parser - its being processed by the text renderer, which just draws text. Read it. Its not hard to understand, even if you've never seen HTML source before. The phrase "input type crash" demonstrates a clear intention, to, um, crash. It was included by the programmers for a number of very good reasons. I dont really care to list them all here. But this is clearly not a "bug". Actually, it shows good engineering practise. Microsoft rox0r. No, really, they do.

just to make sure

[InfoHighwayRoadkill]

I tested it a couple of dozen times and sent the WinXP error reports of to Microsfot like any good windows user would...

Who needs a few lines..

I'm running IE 5.x and it crashes constantly with any help from a few lines of html.

MOD PARENT UP AS FUNNY

[thynk]

this is one of those times when I wish I had mod points. AH... maybe someday.

Re:OS X IE Is Unaffected

it was all like "beep beep beep" and then my browser crashed! and it was a really good website!

Re:Two points of significance for crashes.

[evilviper]

No matter what the input stream, the application should not respond by crashing.

Man, do I wish someone would tell the Mozilla team that...

Re:Microsoft...bleh.

[mrjb]

If you really want to prove a point, make sure its an html email then.

Re:MSFT Mac Apps

[Ninja+Programmer]

• Windows Media Player for the Mac (they need a better name for that app) works, but feels like quick and dirty port...

No big surprise, it feels that way under Windows as well.

Re:Worth Pointing Out, I Think

[Vidiot3k]

You might want to get that checked out, I don't think it's healthy to fart bugs.

In related news.........

[sjoel]

in related news, the microsoft operating system is buggy and full of holes.

Re:I tried with Opera

[Old+Uncle+Bill]

Those sneaky bastards must have QA'd that piece of code. How can MS really compete with that?

OSS and the w3 falling behind - AGAIN!

[IIRCAFAIKIANAL]

I mean, IE implements the tags correctly and you all just noticed? Yet again we see that Microsoft IE is ahead of the game, implementing useful tags that the w3 hasn't even thought of yet.

Why is it that Microsoft is saddled with the burden of creating useful standards? Isn't this supposed to be the job of the w3?

I expect we'll have to wait a few years to see it in Moz and by then, microsoft will have implemented <input type explode into tiny pieces> or something even more spectacular.

Re:Very big deal

[bratmobile]

Oh my god! Someone found! A BUG! In SOFTWARE! And it happens on TOTALLY INVALID HTML! How could Microsoft possibly make such a horrible, horrible mistake!!

THIS NEVER HAPPENS ANYWHERE ELSE! Thank GOD the rest of the world is bug-free!

Re:Hah! I've got something that will crash IE also

[CCRancor]

It's really not a bug - you're just moving your mouse too slow ;)

It did not crash Lynx

[drunk_as_in_beer]

I repeat, it did not crash Lynx.

What if...

[dumboy]

MS did it on purpose for debugging purposes? Maybe a couple more tags like
<input type bluescreen>
<input type slow_machine_to_crawl>
<input type bsa_audit>
<input type flood_ISP>
exist and they just haven't been discovered yet.

Re:Two points of significance for crashes.

[FauxPasIII]

> Man, do I wish someone would tell the Mozilla team that...

I'm sure they'd be happy to give you your money back.

This is not fair

[unborn]

Why do Windows people get all these features. I don't even have a way to test it. Damn you Microsoft Monopoly. Damn you Konqui for refusing to crash when most needed.

Would thid be proof ...

that IE is part of the O/S?

Re:Bugs, crashes

[craigeyb]

Nah, it's a feature, man! It prevents IE users from seeing non-Microsoft-certified websites!

Re:mozilla crashes too

[craigeyb]

...and most of the time the browser catches infinite loops...

Give it up for the Halting Problem Solution. Whoo whoo!

Re:Careful with those emails!

[HoaryCripple]

Is he still your friend?

Re:Inquirer says one line

[norweigiantroll]

<input type crash>
It's not a bug, it's a feature! The "crash" input type allows the user to crash the browser. It's very useful and another Microsoft (TM) innovation.

Re:Opera and Mozilla are not affected.

[Guppy06]

<input type crash>

IE is doing exactly what the tag is telling it to do. It's a feature, not a bug!

Re:Crashing != bug

[NickFitz]

He writes a library not software.

What, like a mediaeval monk? ;-)

I can do it in 12 bytes!!!!

You people are just like microsoft with your bloated code. Wasting all the extra space with unneeded characters. If there's one thing a Bleveskovolokian knows how to do it's to save an extra few bytes. Try:

<input type>

That's all. None of that unneeded crap. 12 bytes and crash!! The most efficient IE crasher web page yet. Beat that! I dare you.

Re:Wait a minute.

[moncyb]

Maybe because no one can read it? What does it say? It appears to use english words, but well...

crash test

[kavau]

...you can test/crash your IE by going here.

It wor

IE under XP crashes

[pollotech]

I can't beleave this Micro$oft people, I have XP Professional with IE 6.0.26 and crashes too. I thought this kind of so evident IE problems where over after version 4.

Re:Two points of significance for crashes.

[FauxPasIII]

> Internet Explorer is free as well.

Only in the same sense that the Sports Illustrated football phone is free.

IE

[gobbligook]

IE just crashes cause it has nothing better to do. Bottom line, if you want reliability use lynx, if you want unreliable bloat use IE.

MS Crash Month

[lostchicken]

...as it seems that [this] is the Microsoft Crash mounth [sic]...

Isn't every month MS crash month?

Re:NULL pointers and error handling

[HiThere]

And this is a part of why idiot lights are a really inferior replacement for gagues. If the gague died, you could tell immediately, as it needle dropped to the bottom (or pegged the top).

Another vile interface with idiot lights is the one that has an indecipherable light. Several mechanics have not been able to figure out what it means that one idiot light in my car sometimes comes on. One time it was fixed for about a week by adding oil (the oil light didn't come one, but when I checked the dipstick it was v. low). The owner's manual is... inscrutable.

Now, how to tie this back to null pointers... null pointers are sometimes 0 values that get stuck into pointers by accident. I don't think I've ever seen a good valid use of a null pointer as a pointer. But it's the default initial value (when there is one). So null pointer references *should* be disallowed. But I've encountered bad valid uses of null pointers. I've seen code where location 0 was used to store a value that needed to be globally accessible. (This may have been on a Z80, or some such.) Now that was a bad valid use of a 0 pointer, but it did allow code to be relocated. The problem was, if you encountered a pointer, you couldn't tell the difference between a null pointer and a 0 pointer. This lead to many troublesome errors. A far better choice is to just disallow it.

input type crash

[cyclist1200]

Finally, software that does what it's told!

Would the inverse apply?

[Transcendent]

If that crashes it... would "" fix windows?

Re:Crasher warning

Proffesor Fink: "My sarcasm detector is going off the scale!"

Comic Book Guy: "Yeah like thats a useful invention"

(Sound of exploding Device)