219Re: [caplet] ADsafe and bind
- May 22, 2008David-Sarah Hopwood wrote:
> Douglas Crockford wrote:While I remember, I think you also need to blacklist 'stack'.
>> ADsafe will block the bind method. The bind method proposed for ES3.1
>> is safe, but the bind methods provided by the current Ajax libraries
>> are not because they can bind to the global object.
> Don't some of these libraries have other aliases for bind-like methods?
> For example Prototype has 'bindAsEventListener', although I don't know of
> any specific attack based on that in the context of ADsafe.
- << Previous post in topic Next post in topic >>