Loading ...
Sorry, an error occurred while loading the content.

153Re: [caplet] ADsafe validation

Expand Messages
  • David-Sarah Hopwood
    Mar 17, 2008
      Kris Zyp wrote:
      > [...] I wonder how small a validator could be that only did ADsafe validation
      > (and it would not even need to check for valid JavaScript since eval does that).

      A validator for a Javascript subset like ADsafe does have to check for
      syntactic validity, because:

      - it cannot trust the browser's eval to accept only Javascript from a
      known dialect of the language; browser extensions might be insecure

      - it must parse the Javascript anyway, which implicitly checks that
      it is syntactically valid.

      --
      David-Sarah Hopwood
    • Show all 16 messages in this topic