232Re: [Caja] eval() in FF3 - just in case...
- Jun 27, 2008On Fri, Jun 27, 2008 at 1:44 AM, Mario Heiderich
>Wow. No, we had no idea. I admit that I am shocked that the one tight
> Just in case this is not known/intercepted yet.
Cajita, ADsafe, FBJS, Jacaranda) already prevent access to the eval
function, as they must. So we should all be safe from this particular
new hole. However, so long as browser vendors feel free to quietly
introduce holes this large in existing functions...
- Next post in topic >>