the Network.URI parser

Peter Gammie peteg42 at
Tue May 27 03:28:53 EDT 2008


I'm wondering what the state of this parser is.

It parses the contents of the src attribute in the following:

<p><img src="javascript:alert('XSS');" alt=""/></p>

which causes IE 5.5 (and probably 6) to show a dialog box. (I lifted  
this example from the list at

I was hoping the parser in Network.URI would choke on it - the  
parentheses are reserved, at least.


More information about the Libraries mailing list