Loading ...
Sorry, an error occurred while loading the content.

Re: ADsafe, Take 2

Expand Messages
  • Douglas Crockford
    ... Quite right. I should have mentioned that get and put will also block the same members that ADsafe blocks, including names starting with _.
    Message 1 of 3 , Oct 1, 2007
    • 0 Attachment
      --- In caplet@yahoogroups.com, "collin_jackson" <collinj@...> wrote:
      >
      > Not all dangerous dereferences are functions:
      >
      > (function() {
      > var javascript = "javascript"; javascript += ":alert(42)";
      > ADSAFE.get({}, "__parent__").location = javascript;
      > })();

      Quite right. I should have mentioned that get and put will also block
      the same members that ADsafe blocks, including names starting with _.
    Your message has been successfully submitted and would be delivered to recipients shortly.