HTML Rendering Crashes IE

SlimySlimy writes "According to this article on Secunia, a new IE exploit was found that crashes almost any version of Internet Explorer past 4.0 with just 5 lines of plain HTML code (no JavaScript, ActiveX, etc.). If you're very brave, you can test/crash your IE by going here." There's also a note on SecurityFocus.

Wonder if that works deeper in a page

[ShieldW0lf]

Could wreak havoc in html-enabled forums

Poetic Justice

[Rudeboy777]

Hey if I insert htis here maybe it will crash out all Slashdot readers using IE. That'll learn 'em ;)

<html>
<form>
<input type crash>
</form>
</html>

This has to be somthing put into ie on purpose...

[TheeAlien]

This has to be somthing put into ie on purpose... merhaps the ie core team gets bored?

Lets look at the code shall we:

An html tag, a form tag, then this:

A closing form tag, and closing html tag.

!?

You _MUST_ be kidding me...

Not a crash!

[themassiah]

It's not a bug, it's a "feature"!

download the patch

[mraymer]

You can download the patch to this bug here: www.mozilla.org [mozilla.org]

Please note that this is a pretty bloated patch, but well worth it. ;)

No bugs here

[Fastball]

There no bugs here. The infidels are committing suicide on the logic gates of ActiveX. Lies! The stupid infidels...

input type _____

[BoBathan]

Seconds after reading this, I tried this out on my own, slightly modified.

input type giveBoBathan$1,000,000USD

Unfortunatly, Microsoft must have known of this potential exploit. :(

--Travis

So is IE 5.1.6 on OS 9.XX

[Rxke]

Heh. Thank you so much for porting a better IE to the Mac, Billy...

Where is this IE you speak of?

[westyvw]

I have looked all over my computer for this IE thingy you all speak of. I cant find it anywhere. I typed "whereis ie" in the console but nothing turned up. I typed find / -name IE and again nothing. I looked for a man page found none. I clicked on the gear icon thing and looked though the programs installed I dont have it. So I typed apt-get IE. No luck. Must be some obscure piece of software that I cant find. Guess I am better of WITHOUT IT!

Its now my new homepage!!

[stonezone]

what fun, just set it to your homepage, then have it restart explorer automatically once you send in the error report. Hours of fun for the bored slashdotters....

Re:input type _____

[Scarblac]

Try $999,999. They can't have thought of everything!

Couldn't resist.

[jkitchel]

Who else couldn't resist from clicking on the link that would crash IE?

Re:OS X IE Is Unaffected

[petecarlson]

When I clicked the crash link,Explorer crashed but then relaunched all by itself. First time I have ever seen that happen.
Running IE 6 on 2000 pro.
guess I have to fire up Mo*illa to see what the lines of html are.

# There is a key broken on my laptop and I am not
# getting out of bed at four in the morning to
# plug in the keyboard

Re:what happens?

[miguel_at_menino.com]

It generates an e-mail to Steve Balmer.

That's why he freaks out sometimes and starts screaming DEVELOPERS DEVELOPERS DEVELOPERS DEVELOPERS!!

Re:Hah! I've got something that will crash IE also

[Anonymous Coward]

note: there is a bogus semicolon after the /td when I preview this post... it shouldn't be there, but I can't get rid of it.

does IE crash when you use backspace?

What I really want to see...

[weave]

I want to see some simple HTML code that will crash a spammer's email harvesting web crawler. Now THAT would be "News.*that matters..."

Re:Bizarre

[nomel]

That's cause mac's aren't capable enough.

Re:Where is this IE you speak of?

[fenix down]

Congratulations! You're the most intelligent post on this thread!
*CUE MUSIC*
There she is... la la blah whateveerrr...

Do Not Download this patch!

[gad_zuki!]

I just installed this bloated patch and it has caused nothing but problems:

1. All of my x10 ads are missing. I would like to remain up to date on the advances in wireless webcam technology and x10's implied use on spying on girls without their consent.

2. There is a *major* bug that hides webpages behind other webpages. I found a half-ass fix for now: click on the "tabs" at the top.

3. This patch broke both Comet Cursor and Hotbar. Worse, they're not auto-installing when I visit certain webpages or when I click on my co-workers "Upgrade Outlook for colors and background" emails.

4. My script debugging isn't working anymore. Sure, I have no idea what all that techno-babble means, but I know its broken!

5. Where the heck is msn.com now?

Aren't you people missing something?

[madmarcel]

Whats wrong with you people?

This is a *SPLENDID* way to keep internet exploder (l)users away from webpages.

You don't want the average person to visit your website? smiple, insert 1 wee little line of code, et voila, bob's your uncle.

Come to think of it...if /. were to use this code/bug/feature, would that keep the trolls away?
(Hah! syeah right! Wishfull thinking ;^)

<wonderful dream>
It'll take 6 months before micro$oft fixes the problem, so that'll give the rest of us six months of troll-free slashdot happiness :P

<reality>
Having said that, I'm using Exploder on WinMe to submit this post - but mind you, it's the first time in 2 months I've been anywhere near windows - and yes, thats a real bug, it did crash - exploder only though...I figured windows would keel over with it. How eh...dissappointing ;)

Ironic thoughts for the day:
1) this IE bug WILL become a feature.
<insert appropriate marketspeak here>
2) This post will get rated 'Troll' :P

Re:OS X IE Is Unaffected

[Anonymous Coward]

It seems that IE 5.x on MacOS X is not affected by this.

I've had it. I'm switching.

<input type crash> will crash the browser...

[eet23]

... and <input type virus> will email it to all your friends as well.

Re:Opera and Mozilla are not affected.

[spectral]

And the funny part is, you only need the input line. So therefore putting something like this on your page: <a href="about:<input type die>">Click here</a> to crash IE. will also work. Though it kind of gives it away how it works if you look at the status bar. Too bad /.'s filter won't let me post that link properly. Bleh. :)

Get the Fix!

[DarkHelmet]

Windows Update:

BugFix Q3823982

This patch solves a vulnerability with Microsoft Internet Explorer Versions 4.0, 5.0, 5.5 and 6.0. A missing validation allowed snippits of code such as <form><input type cras.....

-----

This program has had a critical error and must be shut down...

This is correct behavior

[Christian Schladetsc]

// html_parser.cpp,v (C) 1990- Microsoft #include "html/parser.h" template void html_block(II F, II L) { for (; F != L; ++F) if (tag(*F)()) for (++F; F != L; ++F) if (tag(*F)::Type::val == Type::Crash) __asm int 3; } OK, they didnt use meta-programming C++ techniques, but there's code similiar to that in the IE source. This HTML rudely crashes IE: I didnt make that up. That's the actual contents of the html code that when processed by the HTML parser in IE crashes it. Its safe to look at here, because its not being processed by the parser - its being processed by the text renderer, which just draws text. Read it. Its not hard to understand, even if you've never seen HTML source before. The phrase "input type crash" demonstrates a clear intention, to, um, crash. It was included by the programmers for a number of very good reasons. I dont really care to list them all here. But this is clearly not a "bug". Actually, it shows good engineering practise. Microsoft rox0r. No, really, they do.

just to make sure

[InfoHighwayRoadkill]

I tested it a couple of dozen times and sent the WinXP error reports of to Microsfot like any good windows user would...

Who needs a few lines..

[Anonymous Coward]

I'm running IE 5.x and it crashes constantly with any help from a few lines of html.

MOD PARENT UP AS FUNNY

[thynk]

this is one of those times when I wish I had mod points. AH... maybe someday.

Re:Not a crash!

[Anonymous Coward]

Yes, from now on, MS has decided that IE will refuse to display non-standard html

Re:OS X IE Is Unaffected

[Anonymous Coward]

it was all like "beep beep beep" and then my browser crashed! and it was a really good website!

Re:Two points of significance for crashes.

[evilviper]

No matter what the input stream, the application should not respond by crashing.

Man, do I wish someone would tell the Mozilla team that...

Re:Microsoft...bleh.

[mrjb]

If you really want to prove a point, make sure its an html email then.

Re:MSFT Mac Apps

[Ninja Programmer]

• Windows Media Player for the Mac (they need a better name for that app) works, but feels like quick and dirty port...

No big surprise, it feels that way under Windows as well.

Re:Worth Pointing Out, I Think

[Vidiot3k]

You might want to get that checked out, I don't think it's healthy to fart bugs.

Re:OS X IE Is Unaffected

[Anonymous Coward]

Just tested on Mac OS X 10.2, no crash.

I wonder about IE + Linux + Wine?

In related news.........

[sjoel]

in related news, the microsoft operating system is buggy and full of holes.

Re:Couldn't resist.

[UnknownQ]

Who else couldn't resist from clicking on the link that would crash IE?

I couldn't, but then again I have Mozilla 1.3. I typed "BWAHAHAHAHAHA!" in the resulting text box.

Re:I tried with Opera

[Old Uncle Bill]

Those sneaky bastards must have QA'd that piece of code. How can MS really compete with that?

Re:OS X IE Is Unaffected

[jmauro]

IE's rendering engine on the Mac is completely different than the rendering engine on Windows. The MS Mac team did a great job re-implementing the entire engine. Now if they'd only port Mac IE to Windows I'd be happy.

Re:Poetic Justice

[FroMan]

I really don't see why this should be a bug. I mean when you consider that the web page is specifically telling the browser to crash and it does, that seems like the proper way to handle it. I think its mozilla that has the bug since I was able to view the document.

For the humor impaired I am using mozilla to post this.

OSS and the w3 falling behind - AGAIN!

[IIRCAFAIKIANAL]

I mean, IE implements the <input type crash> tags correctly and you all just noticed? Yet again we see that Microsoft IE is ahead of the game, implementing useful tags that the w3 hasn't even thought of yet.

Why is it that Microsoft is saddled with the burden of creating useful standards? Isn't this supposed to be the job of the w3?

I expect we'll have to wait a few years to see it in Moz and by then, microsoft will have implemented <input type explode into tiny pieces> or something even more spectacular.

Re:Very big deal

[bratmobile]

Oh my god! Someone found! A BUG! In SOFTWARE! And it happens on TOTALLY INVALID HTML! How could Microsoft possibly make such a horrible, horrible mistake!!

THIS NEVER HAPPENS ANYWHERE ELSE! Thank GOD the rest of the world is bug-free!

Re:Hah! I've got something that will crash IE also

[CCRancor]

It's really not a bug - you're just moving your mouse too slow ;)

It did not crash Lynx

[drunk_as_in_beer]

I repeat, it did not crash Lynx.

IE on Solaris

[Anonymous Coward]

As the world's last remaining user of IE 5.5 for Solaris sparc I felt it was my duty to report that the code also crashes this version.

Mind you, so does looking at it a bit funny

What if...

[dumboy]

MS did it on purpose for debugging purposes? Maybe a couple more tags like
<input type bluescreen>
<input type slow_machine_to_crawl>
<input type bsa_audit>
<input type flood_ISP [slashdot.org]>
exist and they just haven't been discovered yet.

Re:Two points of significance for crashes.

[FauxPasIII]

> Man, do I wish someone would tell the Mozilla team that...

I'm sure they'd be happy to give you your money back.

This is not fair

[unborn]

Why do Windows people get all these features. I don't even have a way to test it. Damn you Microsoft Monopoly. Damn you Konqui for refusing to crash when most needed.

Would thid be proof ...

[Anonymous Coward]

that IE is part of the O/S?

Re:Bugs, crashes

[craigeyb]

Nah, it's a feature, man! It prevents IE users from seeing non-Microsoft-certified websites!

Re:OS X IE Is Unaffected

[blitzoid]

See? You mac people just keep proving me right - macs just don't have all the features that Windows machines do!

Re:mozilla crashes too

[craigeyb]

...and most of the time the browser catches infinite loops...

Give it up for the Halting Problem Solution. Whoo whoo!

Re:Careful with those emails!

[HoaryCripple]

Is he still your friend?

Re:Inquirer says one line

[norweigiantroll]

<input type crash>
It's not a bug, it's a feature! The "crash" input type allows the user to crash the browser. It's very useful and another Microsoft (TM) innovation.

Re:Opera and Mozilla are not affected.

[Guppy06]

<input type crash>

IE is doing exactly what the tag is telling it to do. It's a feature, not a bug!

Re:Crashing != bug

[NickFitz]

He writes a library not software.

What, like a mediaeval monk? ;-)

I can do it in 12 bytes!!!!

[Anonymous Coward]

You people are just like microsoft with your bloated code. Wasting all the extra space with unneeded characters. If there's one thing a Bleveskovolokian knows how to do it's to save an extra few bytes. Try:

<input type>

That's all. None of that unneeded crap. 12 bytes and crash!! The most efficient IE crasher web page yet. Beat that! I dare you.

Re:Wait a minute.

[moncyb]

Maybe because no one can read it? What does it say? It appears to use english words, but well...

crash test

[kavau]

...you can test/crash your IE by going here.

It wor

IE under XP crashes

[pollotech]

I can't beleave this Micro$oft people, I have XP Professional with IE 6.0.26 and crashes too. I thought this kind of so evident IE problems where over after version 4.

Re:Two points of significance for crashes.

[FauxPasIII]

> Internet Explorer is free as well.

Only in the same sense that the Sports Illustrated football phone is free.

IE

[gobbligook]

IE just crashes cause it has nothing better to do. Bottom line, if you want reliability use lynx, if you want unreliable bloat use IE.

MS Crash Month

[lostchicken]

...as it seems that [this] is the Microsoft Crash mounth [sic]...

Isn't every month MS crash month?

Re:NULL pointers and error handling

[HiThere]

And this is a part of why idiot lights are a really inferior replacement for gagues. If the gague died, you could tell immediately, as it needle dropped to the bottom (or pegged the top).

Another vile interface with idiot lights is the one that has an indecipherable light. Several mechanics have not been able to figure out what it means that one idiot light in my car sometimes comes on. One time it was fixed for about a week by adding oil (the oil light didn't come one, but when I checked the dipstick it was v. low). The owner's manual is... inscrutable.

Now, how to tie this back to null pointers... null pointers are sometimes 0 values that get stuck into pointers by accident. I don't think I've ever seen a good valid use of a null pointer as a pointer. But it's the default initial value (when there is one). So null pointer references *should* be disallowed. But I've encountered bad valid uses of null pointers. I've seen code where location 0 was used to store a value that needed to be globally accessible. (This may have been on a Z80, or some such.) Now that was a bad valid use of a 0 pointer, but it did allow code to be relocated. The problem was, if you encountered a pointer, you couldn't tell the difference between a null pointer and a 0 pointer. This lead to many troublesome errors. A far better choice is to just disallow it.

input type crash

[cyclist1200]

Finally, software that does what it's told!

Would the inverse apply?

[Transcendent]

If that crashes it... would "<input type install_unix>" fix windows?

Re:Crasher warning

[Anonymous Coward]

Proffesor Fink: "My sarcasm detector is going off the scale!"

Comic Book Guy: "Yeah like thats a useful invention"

(Sound of exploding Device)