... I'm confused -- how does it know that the middle '/' in "/[/]/" is "internal"? Is it lexing according to the intersection of Pattern from section 15.10.1,...
David-Sarah Hopwood
david.hopwood@...
Feb 10, 2009 2:44 pm
281
... You're right, but so what? The IE bug and monopoly combined to create a de-facto standard. Appealing to the de-jure standard does you no good, and...
... Plenty. But I suspect you know of them. There's conditional compilation comments /* @cc_on */, and there's the newlines in block comments thing return /*...
... Fixed in Firefox 3.1 beta nightlies: https://bugzilla.mozilla.org/show_bug.cgi?id=475834 We could push the fix back into a 3.0.x maintenance release if it ...
Suppose that S is a Unicode string in which each character matches ValidChar below, not containing the subsequences "<!", "</" or "]]>", and not containing...
David-Sarah Hopwood
david.hopwood@...
Feb 16, 2009 3:16 pm
285
No, I'm not paranoid enough yet. It's not sufficient only to say that the HTML is encoded as UTF-8 (see below). David-Sarah Hopwood wrote: [...] ... I meant,...
David-Sarah Hopwood
david.hopwood@...
Feb 16, 2009 4:29 pm
286
2009/2/16 David-Sarah Hopwood <david.hopwood@...> ... So no surrogates? ... Why include FFEF? ... You may still be subject to encoding...
... Correct. They're not characters (or even "noncharacters"). ... It's unassigned, and there's no particular reason to exclude it. (\uFFF0-\uFFF8 are also...
David-Sarah Hopwood
david.hopwood@...
Feb 17, 2009 11:13 am
288
... Isn't it the reflection of fffe, the byte-order-marker. This is probably a very minor issue, but if one part of a parser naively delegates to another...
... [...] ... No, \uFEFF is the BOM, and its byte-reflection \uFFFE is a noncharacter, so already excluded from ValidChar. (Thought you'd spotted something I'd...
This is announcement of the call for papers for the third in a series of successful workshops on topics related to security and privacy for Web 2.0. This...
I added +tagName to the ADsafe query language. It selects the immediate sibling, so dom.q("h1+p") selects all of the <p> that immediately follow an <h1>....
Doug, Do you know whether you will have time in the next few days (before March 25) to review a few of the papers submitted to W2SP this year? There are a few...
This workshop may be of interest to subscribers of this mailing list Web 2.0 Security & Privacy 2009 Claremont Resort in Oakland, California May 21, 2009 ...
Reminder: One week until the workshop. Web 2.0 Security & Privacy 2009 Claremont Resort in Oakland, California May 21, 2009 http://w2spconf.com/2009/ The goal...
... From: Mark S. Miller <erights@...> Date: Tue, May 19, 2009 at 7:52 PM Subject: Techtalk on EcmaScript 5 To: "es5-discuss@..."...
Mark S. Miller
erights@...
May 20, 2009 3:00 am
297
I slimmed down the ADsafe banned list. These are the names of members that may not be accessed. This list is now: arguments callee caller constructor eval ...
... I do not understand the value in preventing information leaks here. What is the hazard? I am considering the blocking of try/catch in ADsafe. I am...
On Sun, May 24, 2009 at 7:49 AM, Douglas Crockford ... Javascript's catch is also problematic since it enables catching of stack overflow and out of memory...
... I'd like to know too -- you can throw an object that you could return, so that's not it. Is it the ES3 spec bug, not implemented by many browsers, where...
... What about stack overflow? ... I did the testing during the caja security review and I believe I got an exploit working in both IE 6 and Firefox 2 on...
Hi folks, Joel was playing around with ADsafe today and noticed that the verifier seems to be broken at the moment. For example, this widget passes the...
Hey I wanted to let you guys know that for now I'm discontinuing research on FBJS2. Basically at this time instead we're focusing on Facebook Connect (external...
We should add tests though to make sure we stay invulnerable to that. 2009/7/29 Mike Stay <metaweta@...> ... We should add tests though to make sure we...
I repaired some leakage in the ADsafe Ajax library. Grateful thanks to John Mitchell, Sergio Maffeis, and Ankur Taly. http://www.doc.ic.ac.uk/~maffeis/ I also...
The ADsafe verifier now rejects programs that use the arguments pseudo array. The ADsafe verifier now rejects programs that use expressions with the subscript...
... This produces a bunch from which all text nodes containing only whitespace are removed I added these bunch methods: .each(func) The function is called for...
What's the recommended idiom for iterating over the elements of an array? I had been using: for (var i = 0; i !== v.length; i += 1) { var element = v[+i]; ... ...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
