Loading ...
Sorry, an error occurred while loading the content.
Advanced Search
Author
Subject
Message
Special notice only

44 results from messages in caplet

Advanced Search
  • Mike Samuel wrote: > 2009/2/17 David-Sarah Hopwood : >> Mike Samuel wrote: >>> 2009/2/16 David-Sarah Hopwood >>>> ValidChar :: one of [...] >>>> [\uFF00-\uFFEF] >>> Why include FFEF? >> It's unassigned, and there's no particular reason to exclude it. >> (\uFFF0-\uFFF8 are also unassigned, but that's an area reserved >> for "special" characters.) > > Isn't it the reflection of fffe...
    David-Sarah Hopwood Feb 18, 2009
  • Mike Samuel wrote: > 2009/2/16 David-Sarah Hopwood >> Suppose that S is a Unicode string in which each character matches >> ValidChar below, not containing the subsequences " ", and >> not containing ("&" followed by a character not matching AmpFollower). >> S encodes a syntactically correct ES3 or ES3.1 source text chosen by >> an attacker. >> >> ValidChar :: one of >> '\u0009...
    David-Sarah Hopwood Feb 17, 2009
  • No, I'm not paranoid enough yet. It's not sufficient only to say that the HTML is encoded as UTF-8 (see below). David-Sarah Hopwood wrote: [...] > The HTML or XHTML document starts with a correct in the case of HTML, or in the case of XHTML. (This will also put the parser into sane^H^H^H^Hstandards...
    David-Sarah Hopwood Feb 16, 2009
  • Fetching Sponsored Content...
  • Suppose that S is a Unicode string in which each character matches ValidChar below, not containing the subsequences " ", and not containing ("&" followed by a character not matching AmpFollower). S encodes a syntactically correct ES3 or ES3.1 source text chosen by an attacker. ValidChar :: one of '\u0009' '\u000A' '\u000D' // TAB, LF, CR [\u0020-\u007E] [\u00A0-\u00AC] [\u00AE...
    David-Sarah Hopwood Feb 16, 2009
  • Douglas Crockford wrote: > David-Sarah Hopwood wrote: >> Consider the following JavaScript source: >> >> [ /[/]/ /foo]/ + bar >> >> According to the ES3 spec, this is interpreted as: >> >> [ new RegExp("[") ] / new RegExp("foo]") + bar >> >> According to the ES3.1 draft spec, it is interpreted as: >> >> [ new RegExp("[\/]") / foo ] / +bar >> >> Apparently, Firefox and IE7 were...
    David-Sarah Hopwood Feb 10, 2009
  • Brendan Eich wrote: > On Feb 9, 2009, at 9:42 AM, Marcel Laverdet wrote: > >> From what I remember this started out as a bug in IE and then >> Firefox followed suit for compatibility which left the other >> browsers with no choice. > > No, other browsers followed suit first. > >> I can't find the original bug but `/[/]/` only started parsing in >> FF1.5, in FF1.0 it would throw a...
    David-Sarah Hopwood Feb 10, 2009
  • Marcel Laverdet wrote: > > From what I remember this started out as a bug in IE and then Firefox > followed suit for compatibility which left the other browsers with no > choice. I can't find the original bug but `/[/]/` only started parsing > in FF1.5, in FF1.0 it would throw a syntax error. > > You could throw out any malformed regexp literals (any that differ > between ES3 \ ES3...
    David-Sarah Hopwood Feb 10, 2009
  • Consider the following JavaScript source: [ /[/]/ /foo]/ + bar According to the ES3 spec, this is interpreted as: [ new RegExp("[") ] / new RegExp("foo]") + bar According to the ES3.1 draft spec, it is interpreted as: [ new RegExp("[\/]") / foo ] / +bar Apparently, Firefox and IE7 were lexing regexp literals in the way ES3.1 specifies. I had considered re-allowing regexp literals...
    David-Sarah Hopwood Feb 9, 2009
  • Douglas Crockford wrote: > I added setExpression to the banned method list. This is a Microsoft DOM method . It's clearly unsafe, but AFAIK, it only has an effect on objects that represent stylesheets or that have DHTML properties. So, shouldn't it be made inaccessible by DOM taming rather than by the method/property blacklist? It is unsafe to give direct access to any DOM object...
    David-Sarah Hopwood Jul 17, 2008
  • David-Sarah Hopwood wrote: > Adam Barth wrote: >> On Tue, Jun 3, 2008 at 1:40 PM, Douglas Crockford >> wrote: >>> The first edition of adsafe.js is available at >>> http://adsafe.org/adsafe.js. It still lacks dom wrappage and >>> interwidget communication. >> >> Attached is a rough first draft of a safe DOM wrapper. The main idea >> is that untrusted script views DOM nodes simply...
    David-Sarah Hopwood Jun 7, 2008