Removing D embedded in HTML feature

JMNorris nospam at nospam.com
Mon Mar 31 23:21:45 PDT 2008


"Anders Bergh" <anders1 at gmail.com> wrote in
news:mailman.264.1206969332.2351.digitalmars-d at puremagic.com: 

> Something that is even more scary, imagine someone writing something
> like this: 
> 
> <pre>
> void main() {
>   printf("hello world!\n");
> }
> </pre>
> 
> <style type="text/css">code { display: none; }</style>
> 
> <code>
> // code that the D compiler sees, but the user doesn't.
> void main() {
>   system("rm -rf /");
> }
> </code>

Funny, but I'm not too worried about this one.  I've compiled and
installed code that I haven't read--including the Linux kernel. 
Many others have too.  I've never heard of any open source Trojan
horses.  Malware authors seem more likely to scour open source code for
bugs they can exploit than to try hiding malware within open source
code.  Perhaps, though, the victim thinking that he's read the source code 
when you've actually read something else might make this exploit more 
enticing to a malware author than normal open source code.

-- 
JMNorris


