Loading ...
Sorry, an error occurred while loading the content.

Re: [caplet] Re: ADsafe

Expand Messages
  • Mike Samuel
    or obj[( ) | 0] assuming that NaN is not a sensitive identifier.
    Message 1 of 36 , Sep 30, 2007
    • 0 Attachment

        obj[(<arbitrary expression>) | 0]

      assuming that 'NaN' is not a sensitive identifier.

      On 30/09/2007, Mike Samuel <mikesamuel@...> wrote:
      Or you allow an idiom that first asserts that the index is safe

      ('number' === typeof i) && obj[<expr>]

      Where expression is allowed to be something that contains references to i, numeric literals, and operators that return numbers given numbers.


      On 30/09/2007, collin_jackson < collinj@...> wrote:

      Square brackets are clearly problematic, as they allow access to eval.
      I suggest you deny them entirely and (optionally) allow authors use
      the ADSAFE API to proxy their array indexing.

      Instead of
      foo[bar] = foo[bar] + 1;
      ADSAFE.setIndex(foo, bar, ADSAFE.getIndex(foo, bar) + 1);

      The ADSAFE getIndex and setIndex API could ensure that "bar" is a
      number or safe string.

      --- In caplet@yahoogroups.com, "Douglas Crockford" <douglas@...> wrote:
      > JSLint.com contains an ADsafe feature. Its intent is to enforce a safe
      > subset of JavaScript for use in ads and widgets. ADsafe requires no
      > transformations. It relies solely on verification. Its rules require
      > that programs be written in a functional style. It rejects programs
      > written in the pseudoclassical or prototypal styles. I am finding that
      > the functional style is the most expressive. It also has the best
      > security properties.
      > ADsafe does not allow definition of global variables or functions. It
      > grants one capability, the ADSAFE object, through which other
      > capabilities might be obtained. It does not allow access to any
      > globals except for the ADSAFE object. It does not allow modification
      > of the ADSAFE object. It does not allow method invocations in the []
      > form. It does not allow the use of these names:
      > apply call callee caller clone constructor eval new
      > prototype source this toSource toString watch
      > I need your help in testing its robustness. Are the rules sufficient
      > to prevent all direct access to the DOM and the global object? Are
      > there any small leaks that I am unaware of? Is the approach I'm taking
      > inherently unsound? What additional restrictions are required to
      > prevent unintended collusion?
      > So this is the test:
      > Write a program in the form
      > (function () {
      > ...
      > })();
      > where the ... is replaced by code that calls the alert function when
      > run on any browser. If the program produces no errors when linted with
      > the ADsafe option, then I will buy you a plate of shrimp.

    • Douglas Crockford
      I updated the ADsafe DOM interface. Previously, a method like .getValue() could return undefined a single value an array of values depending on the number of
      Message 36 of 36 , Nov 11, 2010
      • 0 Attachment
        I updated the ADsafe DOM interface. Previously, a method like .getValue() could return

        a single value
        an array of values

        depending on the number of results. Now, a method like .getValue() will return the first value that is available, or undefined if there are none. A new method, .getValues() will always return an array, possibly an empty array.
      Your message has been successfully submitted and would be delivered to recipients shortly.