Re: [caplet] ADsafe, Take 4
- catch is problematic.
Below is my writeup of scoping re catch.
If my recollections of the behavior of old versions of Firefox/Mozilla are correct, then catch can be used to inject into the global namespace to, for example, replace encodeURIComponent/encodeURI with a function that, when called by the embedding page, would substitute malicious CGI parameters into a URL, possibly tricking the embedding page into issuing a completely different request than the one it intended.
On 04/10/2007, Douglas Crockford <douglas@...> wrote:
I have put more limitations on what is tolerated in HTML. I suspect
there are more gremlins out there.
I am worried about catch(name) clauses. The way that name is scoped is
unexpected. I think there may be more problems there.
Big thanks to everyone who has been looking at this.
--- In firstname.lastname@example.org, "Mike Samuel" <mikesamuel@...> wrote:
> Does any browser include object references or functions in its
> catch is problematic.