
247 Re: ADsafe and bind

  • Douglas Crockford
    Sep 8, 2008
      --- In caplet@yahoogroups.com, "marcel.laverdet" <marcel@...> wrote:
      > Of course the attack assumes that the host uses Prototype and also has an iframe on the
      > page, but I imagine such cases aren't hard to find. There's also several other ways you can
      > get window without even depending on Prototype:
      > ([].slice || 0)(0)
      > ([].sort || 0)()
      > ([].forEach || 0)(function(a,b,win){ })
      >
      > So now you're in a tough situation. Do you blacklist all of those vectors? I see you're
      > currently using mozilla() to handle concat, reverse, and sort but that approach won't work
      > consistently on all sites.

      I looked at the Mozilla array methods, and wrapped the three that I
      observed leaking the global object. Under what circumstances do slice,
      forEach, et al, leak?
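
One way to wrap a method so that a call without a receiver cannot hand back the global object, as an added example that is not part of the original messages and is not ADsafe's mozilla() code. The names guard, callUnbound and legacyMethod are hypothetical; legacyMethod is a constructed stand-in for a native method that returns its receiver.

```javascript
// Added example; not ADsafe code. All names here are hypothetical.
const GLOBAL = globalThis;

// Constructed stand-in for a native method that hands back its receiver.
// Function-constructor bodies are sloppy mode, so a call without a receiver
// sees the global object as `this`, which is the leak the thread discusses.
const legacyMethod = new Function('return this;');

// Wrap a method so it refuses to run without a real receiver and never
// returns the global object to the caller.
function guard(method) {
  return function guarded(...args) {
    // `this` is undefined in strict code and the global object in sloppy code
    // when the wrapper itself is called as a bare value; reject both.
    if (this === undefined || this === null || this === GLOBAL) {
      throw new TypeError('method called without a receiver');
    }
    const result = method.apply(this, args);
    if (result === GLOBAL) {
      throw new TypeError('method returned the global object');
    }
    return result;
  };
}

// Call fn as a bare value with no receiver, as the quoted expressions do,
// and report whether the global object came back.
function callUnbound(fn, ...args) {
  try {
    return { leaked: fn(...args) === GLOBAL, blocked: false };
  } catch (e) {
    return { leaked: false, blocked: e instanceof TypeError };
  }
}

const before = callUnbound(legacyMethod);         // leaked: true
const after = callUnbound(guard(legacyMethod));   // leaked: false, blocked: true
// Ordinary use with a real array receiver still works.
const normal = guard(Array.prototype.sort).call([3, 1, 2]); // [1, 2, 3]
```

Because the receiver check runs before the wrapped method, it also covers a forEach-style call, where the iterated object is passed to the callback.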