Loading ...
Sorry, an error occurred while loading the content.

ADSAFE.lib

Expand Messages
  • Douglas Crockford
    ADSAFE.lib now subjects its name parameter to the same rules used generally on properties. Ankur Taly had discovered an attack by using a particular banned
    Message 1 of 5 , Sep 17, 2010
    • 0 Attachment
      ADSAFE.lib now subjects its name parameter to the same rules used generally on properties.

      Ankur Taly had discovered an attack by using a particular banned name as a library name.
    • forewer2000
      Hi all, In the adsafe.js I found that the reject_name(name) function is used at three location in this procedural form. Ex. at line 1087 : getStyle: function
      Message 2 of 5 , Oct 26, 2010
      • 0 Attachment
        Hi all,

        In the adsafe.js I found that the reject_name(name) function is used
        at three location in this "procedural" form.
        Ex. at line 1087 :
        getStyle: function (name) {
        reject_global(this);
        reject_name(name);
        var a = [], b = this.___nodes___, i, node, s;

        I wonder what is the purpose to use here, if the function returns a true or false value what is actually not used?
      • Douglas Crockford
        ... On some browsers, accessing the constructor style would return a function, which is not desirable, so an exception is raised instead.
        Message 3 of 5 , Oct 26, 2010
        • 0 Attachment
          > I wonder what is the purpose to use here, if the function returns a true or false value what is actually not used?

          On some browsers, accessing the constructor style would return a function, which is not desirable, so an exception is raised instead.
        • Nagy Endre
          I mean calling the reject_name function with a name it returns true or false. For instance if I call reject_name( constructor ) than i will get true because
          Message 4 of 5 , Oct 26, 2010
          • 0 Attachment
            I mean calling the reject_name function with a name it returns true or false.
            For instance if I call reject_name('constructor') than i will get true because the constructor it's on the banned list,
             but I don't see how this throw an exception when it's called this way:

                            reject_name(name);

            and this is a function:

            function reject_name(name) {
                    return banned[name] ||
                            ((typeof name !== 'number' || name < 0) &&
                            (typeof name !== 'string'  || name.charAt(0) === '_' ||
                            name.slice(-1) === '_'     || name.charAt(0) === '-'));
                }

            Should' t need something like:
                 if (reject_name(name)) {
                     throw('..');
                }
            ?




            From: Douglas Crockford <douglas@...>
            To: caplet@yahoogroups.com
            Sent: Tue, October 26, 2010 2:47:31 PM
            Subject: [caplet] Re: adsafe

             

            > I wonder what is the purpose to use here, if the function returns a true or false value what is actually not used?

            On some browsers, accessing the constructor style would return a function, which is not desirable, so an exception is raised instead.


          • Douglas Crockford
            ... Quite right. Thank you very much.
            Message 5 of 5 , Oct 26, 2010
            • 0 Attachment
              --- In caplet@yahoogroups.com, Nagy Endre <forewer2000@...> wrote:
              >
              > I mean calling the reject_name function with a name it returns true or false.
              > For instance if I call reject_name('constructor') than i will get true because
              > the constructor it's on the banned list,
              > but I don't see how this throw an exception when it's called...

              Quite right. Thank you very much.
            Your message has been successfully submitted and would be delivered to recipients shortly.