Comment by tannhaeuser

8 years ago

From https://arstechnica.com/security/2017/02/serious-cloudflare-...:

    A while later, we figured out how to reproduce 
    the problem. It looked like that if an html page
    hosted behind cloudflare had a specific
    combination of unbalanced tags,
    [...]
    The leakage was the result of a bug in an HTML
    parser chain Cloudflare uses to modify Web pages
    as they pass through the service's edge servers.

Ahem, at the risk of sounding pedantic, this wouldn't have happened when using a proper HTML/SGML parser ([1]).

[1]: http://sgmljs.net/blog/blog1701.html