Version: (using KDE 4.0.3KDE 1.2) Installed from: Ubuntu PackagesUbuntu Packages OS: Linux I noticed this come up when a page rendered incorrectly for me in Konqueror for no apparent reason (the page was http://www.vbulletin.com/forum/project.php?issueid=25345) For some reason - Konqueror is treating <!-- in the title as a comment, removing the rest of the title from display. If however, somewhere in the rest of the HTML there is a --> - then it will treat any further <!-- in the code as comments ... A shorter reproduction than the above can be found at http://files.sourceguru.net/konqtestcase.html - compare the Source code to what is actually displayed.
This also appears in Konq 3.5.9
Confirmed on trunk r802362.
Created attachment 24556 [details] testcase Uploaded Martin's testcase
Created attachment 24557 [details] testcase Modified the testcase a little to triage the problem.
Created attachment 24558 [details] Test case to show this only occurs with <!-- in the title tag
*** Bug 160464 has been marked as a duplicate of this bug. ***
also see http://bugs.kde.org/show_bug.cgi?id=83284 for a page that doesn't display nicely.
This also creates security issues, as any < or > in the rest of the page get interpreted literally. For example <script>alert(document.cookie);</script> Will be interpreted as <script>alert(document.cookie)</script>
changed priority to high as this could cause major security issues.
I could reproduce this bug with these testcases http://bugs.kde.org/show_bug.cgi?id=83284 http://bugs.kde.org/attachment.cgi?id=24557&action=view This testcase passed (did not display the bug): http://bugs.kde.org/attachment.cgi?id=24558&action=view using trunk r814918
Still valid in current trunk : Qt: 4.4.3 KDE: 4.1.85 (KDE 4.1.85 (KDE 4.2 Beta2)) kdelibs svn rev. 899634 / kdebase svn rev. 899635 on ArchLinux x86_64 - Kernel 2.6.27.8
SVN commit 1062741 by jtamate: BUG: 83284 BUG: 161409 <-- is no longer a comment start. http://reviewboard.kde.org/r/2358/ M +1 -1 htmltokenizer.cpp WebSVN link: http://websvn.kde.org/?view=rev&revision=1062741
SVN commit 1070587 by ggarand: change r1062741 to rather skip comment detection in |title| altogether, in order to avoid some regressions in |script| tag parsing. This should be functionally equivalent (see comments on #83284) and is actually closer to the behaviour of Gecko. CCBUG: 83284 CCBUG: 161409 M +1 -1 htmltokenizer.cpp WebSVN link: http://websvn.kde.org/?view=rev&revision=1070587