Loading ...
Sorry, an error occurred while loading the content.

Re: [caplet] adsafe.js

Expand Messages
  • David-Sarah Hopwood
    ... I was slightly unclear here. Encapsulation of the underlying DOM node objects from the script is required; in the implementation I suggested, that is
    Message 1 of 7 , Jun 6, 2008
    • 0 Attachment
      David-Sarah Hopwood wrote:
      > Note that, unlike in Caja or Jacaranda, these methods cannot refer to
      > 'this', because ADsafe does not prevent obtaining a property that holds
      > a function and then calling it with 'this' bound to the global object.
      > ADsafe also does not prevent setting arbitrary properties (unless they
      > start with _ or are blacklisted), so there is no encapsulation between
      > objects created by a given script, including handle objects. However,
      > encapsulation is not strictly needed for ADsafe's threat model.

      I was slightly unclear here. Encapsulation of the underlying DOM node
      objects from the script is required; in the implementation I suggested,
      that is achieved by a combination of holding the node in a property that
      starts with _, and lexical closures. Encapsulation of other properties
      of the handle objects from the script is not required: it does not matter
      that a script can replace methods of a handle object, for example.

      --
      David-Sarah Hopwood
    • David-Sarah Hopwood
      ... [...] ... [...] ... This will leak memory on IE (even after the nodes array has become unreferenced after leaving the page), because JScript s excuse for a
      Message 2 of 7 , Jun 7, 2008
      • 0 Attachment
        David-Sarah Hopwood wrote:
        > Adam Barth wrote:
        >> On Tue, Jun 3, 2008 at 1:40 PM, Douglas Crockford
        >> <douglas@...> wrote:
        >>> The first edition of adsafe.js is available at
        >>> http://adsafe.org/adsafe.js. It still lacks dom wrappage and
        >>> interwidget communication.
        >>
        >> Attached is a rough first draft of a safe DOM wrapper. The main idea
        >> is that untrusted script views DOM nodes simply as integer handles.
        >
        > It would be easy to make the handles opaque:
        >
        [...]
        > node.__safe_dom_handle__ = handle;
        [...]
        > function makeHandle(node) {
        > return {__node__: node};
        > }

        This will leak memory on IE (even after the nodes array has become
        unreferenced after leaving the page), because JScript's excuse for a
        garbage collector cannot collect cycles that involve a DOM object.
        That problem could be fixed by having the node object store the index
        of the handle in the nodes array, rather than a reference to the handle.

        --
        David-Sarah Hopwood
      • Douglas Crockford
        I repaired some leakage in the ADsafe Ajax library. Grateful thanks to John Mitchell, Sergio Maffeis, and Ankur Taly. http://www.doc.ic.ac.uk/~maffeis/ I also
        Message 3 of 7 , Jul 31, 2009
        • 0 Attachment
          I repaired some leakage in the ADsafe Ajax library. Grateful thanks to John Mitchell, Sergio Maffeis, and Ankur Taly. http://www.doc.ic.ac.uk/~maffeis/

          I also changed the restrictions on ADSAFE.get and ADSAFE.put. They now reject negative numbers and strings starting with '-'.
        • Douglas Crockford
          ... This produces a bunch from which all text nodes containing only whitespace are removed I added these bunch methods: .each(func) The function is called for
          Message 4 of 7 , Aug 7, 2009
          • 0 Attachment
            I added a new query pattern:

            :trim

            This produces a bunch from which all
            text nodes containing only whitespace
            are removed

            I added these bunch methods:

            .each(func)

            The function is called for each node in
            the bunch.

            .title(value)

            Set the title attribute of each node.

            .getTitle()

            Get the title attribute of each node.

            I changed the way ADSAFE._intercept(func) works.
            It is now called as a method, passing a function
            that will be called when a new widget is started.

            http://www.JSLint.com/ is now an ADsafe widget.
          Your message has been successfully submitted and would be delivered to recipients shortly.