HTML entity bignums

I have found that some popular web browsers allow big numbers to be used in HTML's numeric entities. The programs in question store character values in 32 bits, so the characters 58, 58 + (2 ** 32), 58 + (2 ** 64) and so on are all colons to them.

This is useful to know, when you work on HTML filters. For instance, you can't match colons with the regular expression ":|&#0*58;|&#[Xx]0*3[Aa];", as there are lots of larger numbers that will also be interpreted as that character.

I have been able to reproduce this entity bignum behaviour with recent versions of Mozilla, Galeon, Opera and w3m - but not with recent versions of Internet Explorer, Lynx and Elinks.

// Ulf Harnhammar

   kses - PHP HTML/XHTML filter
   http://sourceforge.net/projects/kses

<html>
<head>
<title>HTML entity bignums</title>
</head>

<body>

<h1>HTML entity bignums</h1>

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

<h2>Three A's</h2>

<p>

�
�
�

<h2>A JavaScript link</h2>

<p>
<a href="&#4294967402;&#4294967393;&#4294967414;&#4294967393;&#4294967411;&#4294967395;&#4294967410;&#4294967401;&#4294967408;&#4294967412;&#4294967354;&#4294967393;&#4294967404;&#4294967397;&#4294967410;&#4294967412;&#4294967336;&#4294967335;&#4294967368;&#4294967401;&#4294967329;&#4294967335;&#4294967337;&#4294967355;">Click me!</a>
</p>

</body>
</html>
Received on Tue Jul 29 09:40:32 2003