
Re: [caplet] ADsafe

  • David Hopwood
    Message 1 of 36 , Sep 30, 2007
      Mike Samuel wrote:
      > (function () {
      > var x = function () {};
      > var y = 'constructor';
      > var z = (x[y]);
      > var w = z('alert("hi")');
      > w();
      > })();

      What is the rule that is being applied to:

      (function () {
      var y = 'constructor';
      ({}[y])('alert("hi")')();
      })();

      that provokes an ADsafe restriction, when

      (function () {
      var y = 'constructor';
      var z = {}[y];
      z('alert("hi")')();
      })();

      is accepted?

      The problem here is that, in testing whether a particular approach to
      an attack works, an example may fail for some incidental reason unrelated
      to the attempted attack (because jslint is trying to enforce various
      coding conventions as well as language security). I think this may put a
      greater obstacle in the way of reviewers of the ADsafe mechanism than
      it puts in the way of real attackers.

      To make that criticism more constructive: is there a way to turn off
      all restrictions that are not intended to be security-enforcing?

      --
      David Hopwood <david.hopwood@...>
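
Added example, not part of the messages in this thread and not ADsafe's own code: the snippets above carry the property name in a variable, so a static checker looking at `x[y]` cannot tell which property is read. One mitigation is to route every computed subscript through a run-time check. The names `guardedGet`, `BANNED`, `unguardedLookup` and `guardedLookup` are hypothetical, and the deny-list is illustrative.

```javascript
// Illustrative deny-list (an assumption for this example, not ADsafe's list).
const BANNED = new Set([
  'constructor', 'prototype', '__proto__',
  'caller', 'callee', 'arguments', 'eval'
]);

// Hypothetical helper: a verifier would reject a bare obj[name] in guest code
// and require guardedGet(obj, name) instead.
function guardedGet(obj, name) {
  // Non-negative integer indexes are always allowed.
  if (typeof name === 'number' && Number.isInteger(name) && name >= 0) {
    return obj[name];
  }
  // Anything else must be a primitive string. An object used as a key is
  // converted with toString() at lookup time, so its text could differ
  // from whatever a check saw.
  if (typeof name !== 'string') {
    throw new TypeError('subscript must be a string or an index');
  }
  if (BANNED.has(name) || name.startsWith('_')) {
    throw new Error('restricted subscript: ' + name);
  }
  return obj[name];
}

// Plain computed lookup: the name is only known at run time.
function unguardedLookup(name) {
  return (function () {})[name];
}

// The same lookup through the guard, reporting the outcome instead of throwing.
function guardedLookup(name) {
  try {
    return { ok: true, value: guardedGet(function () {}, name) };
  } catch (e) {
    return { ok: false, error: e.message };
  }
}

// Constructed inputs: the name is assembled at run time, as in the thread.
const assembled = 'constr' + 'uctor';
console.log(unguardedLookup(assembled) === Function); // guard absent
console.log(guardedLookup(assembled));                // guard present
console.log(guardedLookup('length'));                 // ordinary property
```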
    • Douglas Crockford
      Message 36 of 36 , Nov 11, 2010
        I updated the ADsafe DOM interface. Previously, a method like .getValue() could return

        undefined
        a single value
        an array of values

        depending on the number of results. Now, a method like .getValue() will return the first value that is available, or undefined if there are none. A new method, .getValues(), will always return an array, possibly an empty array.