
185 Re: [caplet] ADsafe and the Standard Globals

  • Kris Zyp
    Apr 9 10:17 PM
      > Array Boolean Date decodeURI decodeURIComponent encodeURI
      > encodeURIComponent Error escape EvalError isFinite isNaN
      > Math Number Object parseInt parseFloat RangeError
      > ReferenceError RegExp String SyntaxError TypeError unescape
      > URIError
      No confirm, alert, or prompt? Preventing annoyance exploits? ;) Or is there another exploit I am not aware of?
      Kris
       
       
       
      ----- Original Message -----
      Sent: Wednesday, April 09, 2008 5:48 PM
      Subject: [caplet] ADsafe and the Standard Globals

      I am relaxing ADsafe to allow access to these standard globals:

      Array Boolean Date decodeURI decodeURIComponent encodeURI
      encodeURIComponent Error escape EvalError isFinite isNaN
      Math Number Object parseInt parseFloat RangeError
      ReferenceError RegExp String SyntaxError TypeError unescape
      URIError

      Access to the globals eval and Function are still not allowed, no way
      no how.

      Access is limited the same way as the ADSAFE object, in that only
      invocation of functions is allowed. These operations are not allowed:

      o = Object;
      o = Object.foo;
      Object = null;
      Object.foo = null;

      Functions may be invoked:

      Object();
      Object.foo();

      Values may be obtained only for these member names:

      E LN2 LN10 LOG2E LOG10E PI SQRT1_2 SQRT2 MAX_VALUE MIN_VALUE
      NEGATIVE_INFINITY POSITIVE_INFINITY

      so

      Object.PI

      is allowed.
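
The access rule described in the announcement above, as an added token-level sketch that is not part of the thread and not ADsafe's own checker. The names `tokenize` and `checkGlobals` are hypothetical, and the sketch assumes no comments, regular expression literals, or local variables that shadow a global name.

```javascript
// Added illustration of the rule in the announcement; not ADsafe's own checker.
const words = (s) => new Set(s.split(/\s+/));
const ALLOWED = words(`Array Boolean Date decodeURI decodeURIComponent encodeURI
  encodeURIComponent Error escape EvalError isFinite isNaN Math Number Object
  parseInt parseFloat RangeError ReferenceError RegExp String SyntaxError
  TypeError unescape URIError`);
const BANNED = words("eval Function");
const READABLE = words(`E LN2 LN10 LOG2E LOG10E PI SQRT1_2 SQRT2 MAX_VALUE
  MIN_VALUE NEGATIVE_INFINITY POSITIVE_INFINITY`);
const ASSIGN = /^(?:[-+*\/%&|^]?=|\+\+|--)$/; // =, compound assignment, ++, --

// Hypothetical helper: blank out string literals, then split the source into
// identifiers, comparison/assignment operators and single punctuators.
function tokenize(src) {
  const noStrings = src.replace(/(["'])(?:\\.|(?!\1).)*\1/g, '""');
  return noStrings.match(/[A-Za-z_$][\w$]*|={2,3}|[!<>]=+|\+\+|--|[-+*\/%&|^]?=|\S/g) || [];
}

// Returns one message per use of a standard global that the stated rule
// rejects; an empty array means every use is an invocation or a permitted read.
function checkGlobals(src) {
  const t = tokenize(src);
  const errors = [];
  for (let i = 0; i < t.length; i++) {
    const name = t[i];
    if (t[i - 1] === ".") continue;                 // a member name, not a global
    if (BANNED.has(name)) { errors.push(`${name}: never allowed`); continue; }
    if (!ALLOWED.has(name)) continue;
    if (t[i + 1] === "(") continue;                 // Object()
    if (t[i + 1] === "." && /^[A-Za-z_$]/.test(t[i + 2] || "")) {
      const member = t[i + 2], after = t[i + 3] || "";
      if (after === "(") continue;                  // Object.foo()
      const isAssign = ASSIGN.test(after);          // Object.foo = null
      if (!isAssign && READABLE.has(member)) continue; // Object.PI
      errors.push(`${name}.${member}: ${isAssign ? "assignment" : "value access"} not allowed`);
      continue;
    }
    errors.push(`${name}: only invocation is allowed`); // o = Object; Object = null
  }
  return errors;
}
```
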
