... ... Now that ANTLR 3 has a retargetable backend, this might be a good motivation to get a JavaScript backend implemented. ActionScript, perl, Python &...
I updated JSLint today in a step to bring more truth to this expression: JSON < ADsafe < Cajita < Caja < ES3 < Proposed ES4 ADsafe now allows all strings as...
I relaxed the ADsafe.get(object, name) function. The only names it excludes now are the _hanging_underbar_ names. It allows all other names. It requires that...
I have been thinking about capabilities-based security and ES subsets like ADsafe and Caja, and was thinking about another subset that is intriguing to me and...
I am the co-chair of the second workshop on Web 2.0 Security and Privacy (http://seclab.cs.rice.edu/w2sp/2008/cfp.html). It will be held the day after the IEEE...
Doug/ADsafe people, Has there been any efforts to produce a lightweight minimal-sized ADsafe validator? With the coming browser capabilities in Cross-site XHR...
... ADsafe validator? With the coming browser capabilities in Cross-site XHR (MS's XDR and W3C/AC proposal) and the new postMessage API, it seems there will be...
Results of a quick experiment: Pulling stuff out of JSLint.js that is not needed for ADsafe validation of JavaScript produced an adsafe.js file that is 34K. I...
... A validator for a Javascript subset like ADsafe does have to check for syntactic validity, because: - it cannot trust the browser's eval to accept only...
David-Sarah Hopwood
david.hopwood@...
Mar 17, 2008 5:05 pm
154
Here is my attempt at an ADsafe validator: http://www.persvr.org/test/capability-validate.html Let me know if anyone can find any false acceptances (scripts...
... get successfully eval'ed that are unsafe). ... presume that it is also a lot faster since it is using simpler regex-based checking rather than full AST...
... Yes, regular expression based validation does seem impropable. However, it seems like you could also make an argument that it easier to reason about and...
... Do we have a regression test suite of tricky examples? For instance, I don't see the string "cc_on" in Kris' validator, but that feature tripped up ADsafe...
... Can you disallow @ outside of string literals entirely? What if ADSafe code is included in a container that has @cc_on, and does an @set that overrides a...
... '@' does not appear anywhere in the ES3 grammar outside string literals, regexp literals, and comments, right? Isn't ADsafe defined to be a subset of ES3? ...
David-Sarah Hopwood
david.hopwood@...
Mar 21, 2008 11:09 pm
161
On 21/03/2008, David-Sarah Hopwood ... Yep. @ often appears in JSDoc style comments: http://jsdoc.sourceforge.net/#tagref so banning @ in comments might make...
... I meant my point a bit more generally: Assume that any extension to strict ES3 is designed by an evil genius trying to break ADsafe (or Caja, or whatever),...
David-Sarah Hopwood
david.hopwood@...
Mar 22, 2008 3:04 am
164
On 21/03/2008, David-Sarah Hopwood ... Or a committee of evil geniuses. ... Caja deals with many of these problems by rewriting. We can deal perfectly well...
... Also, because with the new cross-site XHR and XDR capabilities, web sites can directly request the scripts from other sites, which can potentially be...
Is there any documentation available on the specific attacks that the various rules in ADsafe are protecting against? Most of the rules are pretty obvious, but...
I want .get and .set to work without blacklists. They are intended to get and set data members in objects. So that is all they will allow. They will not get or...
I relaxed the restriction on the [ ] operator slightly. It will now accept subscript values that are number literals or string literals that are not legal...
... I recommend also accepting all so-called "stringified numbers", i.e., all x for which x === String(Number(x)) all these are implicitly and necessarily...
Great, thank you for the info. Kris ... From: Douglas Crockford To: caplet@yahoogroups.com Sent: Saturday, April 05, 2008 8:46 AM Subject: [caplet] Re: ADsafe...
Function mutability can be a source of undefined behavior since the spec allows but doesn't require "joining" of functions that have the same body and scope...
AFAIK, no implementation has ever actually done this "joining", and I believe ES3.1 and ES4 will very likely dissallow joining to prevent it from ever...
... Yes, that's what we decided. ES3.1 and ES4 will be deterministic in this regard. No joining. -- Text by me above is hereby placed in the public domain ...
... If functions were immutable, joining would be a transparent optimization. Apart from the theoretical potential for backward incompatibility, why isn't this...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
