This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
1. Open https://validator.w3.org/#validate_by_input 2. Paste the source code for the billion laughs attack: https://en.wikipedia.org/wiki/Billion_laughs 3. Server responds with "500 Internal Server Error"
Here is a similar attack https://www.everipedia.com/Zip_bomb/