Slashdot Mirror


HTML Rendering Crashes IE

SlimySlimy writes "According to this article on Secunia, a new IE exploit was found that crashes almost any version of Internet Explorer past 4.0 with just 5 lines of plain HTML code (no JavaScript, ActiveX, etc.). If you're very brave, you can test/crash your IE by going here." There's also a note on SecurityFocus.

10 of 887 comments (clear)

  1. Where is this IE you speak of? by westyvw · · Score: 5, Funny

    I have looked all over my computer for this IE thingy you all speak of. I cant find it anywhere. I typed "whereis ie" in the console but nothing turned up. I typed find / -name IE and again nothing. I looked for a man page found none. I clicked on the gear icon thing and looked though the programs installed I dont have it. So I typed apt-get IE. No luck. Must be some obscure piece of software that I cant find. Guess I am better of WITHOUT IT!

  2. Couldn't resist. by jkitchel · · Score: 5, Funny


    Who else couldn't resist from clicking on the link that would crash IE?

  3. Re:Hah! I've got something that will crash IE also by Anonymous Coward · · Score: 5, Funny
    note: there is a bogus semicolon after the /td when I preview this post... it shouldn't be there, but I can't get rid of it.
    does IE crash when you use backspace?
  4. Re:OS X IE Is Unaffected by Anonymous Coward · · Score: 5, Funny

    It seems that IE 5.x on MacOS X is not affected by this.

    I've had it. I'm switching.

  5. Re:Opera and Mozilla are not affected. by spectral · · Score: 5, Funny

    And the funny part is, you only need the input line. So therefore putting something like this on your page: <a href="about:<input type die>">Click here</a> to crash IE. will also work. Though it kind of gives it away how it works if you look at the status bar. Too bad /.'s filter won't let me post that link properly. Bleh. :)

  6. This is correct behavior by Christian+Schladetsc · · Score: 5, Funny

    // html_parser.cpp,v (C) 1990- Microsoft #include "html/parser.h" template void html_block(II F, II L) { for (; F != L; ++F) if (tag(*F)()) for (++F; F != L; ++F) if (tag(*F)::Type::val == Type::Crash) __asm int 3; } OK, they didnt use meta-programming C++ techniques, but there's code similiar to that in the IE source. This HTML rudely crashes IE: I didnt make that up. That's the actual contents of the html code that when processed by the HTML parser in IE crashes it. Its safe to look at here, because its not being processed by the parser - its being processed by the text renderer, which just draws text. Read it. Its not hard to understand, even if you've never seen HTML source before. The phrase "input type crash" demonstrates a clear intention, to, um, crash. It was included by the programmers for a number of very good reasons. I dont really care to list them all here. But this is clearly not a "bug". Actually, it shows good engineering practise. Microsoft rox0r. No, really, they do.

  7. Re:Two points of significance for crashes. by evilviper · · Score: 5, Funny
    No matter what the input stream, the application should not respond by crashing.

    Man, do I wish someone would tell the Mozilla team that...
    --
    Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
  8. Re:Worth Pointing Out, I Think by Vidiot3k · · Score: 5, Funny

    You might want to get that checked out, I don't think it's healthy to fart bugs.

  9. It did not crash Lynx by drunk_as_in_beer · · Score: 5, Funny

    I repeat, it did not crash Lynx.

    --
    --Drunk as in Beer
  10. Re:Inquirer says one line by norweigiantroll · · Score: 5, Funny

    <input type crash>
    It's not a bug, it's a feature! The "crash" input type allows the user to crash the browser. It's very useful and another Microsoft (TM) innovation.