Questions and Answers :
Web site :
XML version of download page is invalid
Message board moderation
Author | Message |
---|---|
Andy Stevens Send message Joined: 2 Jul 99 Posts: 3 Credit: 287,811 RAC: 0 |
On the client download page, there's a link to http://boinc.berkeley.edu/download.php?xml=1 for obtaining the download information in XML format. Following this link, I just get an error: XML Parsing Error: not well-formed Location: http://boinc.berkeley.edu/download.php?xml=1 Line Number 167, Column 33: Linux/x86 [url=linux.php]<font>details[/url] --------------------------------^ which is due to the <font>element not being closed. The element escapes its contents with e.g. <ul>rather than [list]. Perhaps the element ought to as well? |
Andy Stevens Send message Joined: 2 Jul 99 Posts: 3 Credit: 287,811 RAC: 0 |
Heh, I see that the XML tags I included in the [ code ] [ /code ] markup aren't being displayed as they're included verbatim in the HTML page. You do realise this could make you vulnerable to cross-site scripting attacks, don't you? Let's try a quick test with a javascript alert()... alert('Testing vulnerability') |
Andy Stevens Send message Joined: 2 Jul 99 Posts: 3 Credit: 287,811 RAC: 0 |
Well, at least it strips out the script tags. That's something I suppose. The other contents of the code bbcode tags still ought to be escaped, though. |
John McLeod VII Send message Joined: 15 Jul 99 Posts: 24806 Credit: 790,712 RAC: 0 |
Well, at least it strips out the script tags. That's something I suppose. The other contents of the code bbcode tags still ought to be escaped, though. The BB is in the process of switching from HTML to BB tags. At the moment, BOTH are active, but HTML parsing will be removed in the (near?) future. BOINC WIKI |
C167 Send message Joined: 2 Sep 04 Posts: 9 Credit: 38,860 RAC: 0 |
now, but where's the error? I copyed the file to UltraEdit and searched for open tags, but no result! C167 |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.