Reading Mozilla's Color Coding in 'view source'

I understand what green (comments) black (attribute) blue (value) red (end tag) and Purple (tags), but wth does pink mean? I tried some php injection on a website and my injected php wasn't visible on the page after it was reloaded, but when I viewed the source it was in the source where i injected it but it was pink?

Any Idea?

i think pink is for server side executable code

DeafCode wrote: i think pink is for server side executable code

strange then i wonder why it didnt execute? this server has no input validation, and i would like to upload a shell and leave a note for the admin..

I tried to do a header <?php (location: http://google.com); ?> what would be a reason for that not executing??

idk im not good with we programming

You can't inject php through XSS!!!! Only through RFI, if you use search page, there is few days old thread where Mr_Cheese explains it

btw pink color is server side code, that doesn't get executed on the server

clone4 wrote: You can't inject php through XSS!!!! Only through RFI @OP: Listen to this. There's a big difference between injecting PHP and injecting HTML or javascript.

@clone4: It's not only possible through RFI; let's not forget about eval() ;) (although RFI is far more common)

Uber0n wrote: @clone4: It's not only possible through RFI; let's not forget about eval() ;) (although RFI is far more common)

yeah forgot about that one :) well thx for correction :D