[Esd-l] Removal of HTML comments

John D. Hardin jhardin at impsec.org
Sat Jan 18 09:30:00 PST 2003

On Sat, 18 Jan 2003, Bill Larson wrote:

> How long do you think it will be once a virus writer realizes that
> they can bypass things like the sanitizer using this method that
> it will take for a virus of this nature to appear. I know I would
> much rather be proactive than retroactive.

I don't think it's too likely. Bypassing the sanitizer using embedded
comments would be something along the lines of:


...and that wouldn't work. An HTML script has to be valid HTML. The
HTML parser doesn't pull out comments before parsing for other tags.
(of course, bonehead design like that *would* allow the sanitizer to
be bypassed.)

Let me think about it a bit.

 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 jhardin at impsec.org                        pgpk -a jhardin at impsec.org
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
  The fetters imposed on liberty at home have ever been forged out
  of the weapons provided for defense against real, pretended, or
  imaginary dangers from abroad.
                                            -- James Madison, 1799
   654 days until the Presidential Election

More information about the esd-l mailing list