Bad Mojo for Internet Explorer

I just read on Slash today how a piece of valid markup can crash Windows Internet Explorer 4 and later. This includes many applications that use Trident, a dynamic link library that is the markup rendering component of IE–this means Outlook, Outlook Express and perhaps other Office components. Bad, bad bug!

Here is the invalid markup that causes Trident to crash (without the spaces before and after the angle brackets of course.):

< code >< input type >< /code >

To make this legitimate markup we take advantage of something called conditional comments (A silly idea if I ever heard one.)and the result is (again without the spaces.):

< code > < ! --[if IE] >< input type >< ![endif]-- >< /code >

This entry was posted in Security and Privacy. Bookmark the permalink.