57 Re: ADsafe, Take 2

  • collin_jackson
    Oct 1, 2007
      Not all dangerous dereferences are functions:

      (function() {
          // The payload is a string, not a function, so a typeof check passes it.
          // Concatenation keeps the literal "javascript:" out of the source.
          var javascript = "javascript"; javascript += ":alert(42)";
          // In Mozilla engines of the time, {}.__parent__ was the global (window)
          // object: typeof 'object', so ADSAFE.get returns it; the assignment
          // then navigates to the javascript: URL.
          ADSAFE.get({}, "__parent__").location = javascript;
      })();

      --- In caplet@yahoogroups.com, "Douglas Crockford" <douglas@...> wrote:
      > I am now disallowing the use of subscripting. In its place, I will be
      > providing ADSAFE.get(object, name) and ADSAFE.set(object, name, value)
      > that will do checking.
      >
      > You can assume the presence of those methods. They will reject
      > requests where the typeof object or value or the returned value is
      > 'function'.
      >
      > If you can get past ADsafe to alert on any one browser, then ADsafe is
      > broken.
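The point of the message above is that a typeof-based check on get/set stops functions but not string-valued sinks. The following is an added example, not ADsafe's code and not posted by either participant: it models the check exactly as the quoted message describes it (reject when the object, the value or the returned value is typeof 'function'), replays the posted payload against a constructed stand-in for the browser (a fake window whose location setter records the URL instead of navigating, reached through a simulated __parent__ link), and then shows a name-based rejection rule that blocks the same payload. The names typeofGet, hardenedGet, rejectName, BANNED_NAMES and makeFakeHost, and the banned-name list itself, are assumptions of this example, not rules quoted on the page.

```javascript
// Added example: a model of the typeof-only ADSAFE.get/set check described in the
// quoted message, a replay of the posted payload, and a name-based hardening.
// Not ADsafe's actual implementation.

// get/set as the quoted message describes them: reject when the object, the value,
// or the returned value has typeof 'function'. Nothing else is checked.
function typeofGet(object, name) {
  if (typeof object === 'function') throw new Error('ADsafe: object is a function');
  const value = object[name];
  if (typeof value === 'function') throw new Error('ADsafe: returned value is a function');
  return value;
}

function typeofSet(object, name, value) {
  if (typeof object === 'function') throw new Error('ADsafe: object is a function');
  if (typeof value === 'function') throw new Error('ADsafe: value is a function');
  object[name] = value;
}

// Hardening (an assumption of this example): also reject property names by spelling.
// Leading or trailing underscores catch engine internals such as __parent__ and
// __proto__; the explicit list covers names that reach functions or prototypes.
const BANNED_NAMES = new Set(['constructor', 'prototype', 'caller', 'callee', 'arguments', 'eval']);

function rejectName(name) {
  return typeof name !== 'string' || /^_|_$/.test(name) || BANNED_NAMES.has(name);
}

function hardenedGet(object, name) {
  if (rejectName(name)) throw new Error('ADsafe: bad property name ' + String(name));
  return typeofGet(object, name);
}

function hardenedSet(object, name, value) {
  if (rejectName(name)) throw new Error('ADsafe: bad property name ' + String(name));
  typeofSet(object, name, value);
}

// Constructed stand-in for the browser. The fake window records what is assigned to
// location instead of navigating; the guest object's __parent__ points at that window,
// mimicking the legacy Mozilla behaviour the post relies on ({}.__parent__ == window).
function makeFakeHost() {
  const navigated = [];
  const fakeWindow = {
    set location(url) { navigated.push(String(url)); },
    get location() { return navigated[navigated.length - 1]; },
  };
  const guestObject = {};
  Object.defineProperty(guestObject, '__parent__', { value: fakeWindow, enumerable: false });
  return { guestObject, navigated };
}

// Replay the posted payload through a given get() and report what reached the sink.
// The URL is built by concatenation, as in the post, so no literal "javascript:"
// appears in the guest source. Returns { blocked, navigated, reason }.
function replayPayload(get) {
  const { guestObject, navigated } = makeFakeHost();
  try {
    let javascript = 'javascript';
    javascript += ':alert(42)';
    // typeof window is 'object' and typeof javascript is 'string': the typeof-only
    // check has nothing to reject, and the assignment reaches the location sink.
    get(guestObject, '__parent__').location = javascript;
    return { blocked: false, navigated, reason: null };
  } catch (e) {
    return { blocked: true, navigated, reason: e.message };
  }
}

// The same weakness through set(): a string value passes the typeof check unchanged.
function replayViaSet(get, set) {
  const { guestObject, navigated } = makeFakeHost();
  try {
    const win = get(guestObject, '__parent__');
    set(win, 'location', 'javascript:alert(42)');
    return { blocked: false, navigated, reason: null };
  } catch (e) {
    return { blocked: true, navigated, reason: e.message };
  }
}

console.log(replayPayload(typeofGet));   // blocked: false, navigated: ['javascript:alert(42)']
console.log(replayPayload(hardenedGet)); // blocked: true, navigated: []
```

The name-based rule blocks this particular route because it never hands the guest the window object; it does not make string-valued sinks safe in general, which is why the post's point (dangerous dereferences are not only functions) still applies to any object the guest is allowed to reach.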