Here is my attempt at an ADsafe validator: http://www.persvr.org/test/capability-validate.html Let me know if anyone can find any false acceptances (scripts...
155
Douglas Crockford
douglascrock...
Mar 20, 2008 1:57 pm
... get successfully eval'ed that are unsafe). ... presume that it is also a lot faster since it is using simpler regex-based checking rather than full AST...
156
Kris Zyp
kriszyp
Mar 20, 2008 2:50 pm
... Yes, regular expression based validation does seem improbable. However, it seems like you could also make an argument that it is easier to reason about and...
157
Adam Barth
hk9565
Mar 20, 2008 6:35 pm
... Do we have a regression test suite of tricky examples? For instance, I don't see the string "cc_on" in Kris' validator, but that feature tripped up ADsafe...
158
Kris Zyp
kriszyp
Mar 21, 2008 7:21 pm
... That would be awesome. ... Thanks for the heads, fixed it. Thanks, Kris...
159
Mike Samuel
mikesamuel
Mar 21, 2008 7:40 pm
... Can you disallow @ outside of string literals entirely? What if ADSafe code is included in a container that has @cc_on, and does an @set that overrides a...
160
David-Sarah Hopwood
david.hopwood@...
Mar 21, 2008 11:09 pm
... '@' does not appear anywhere in the ES3 grammar outside string literals, regexp literals, and comments, right? Isn't ADsafe defined to be a subset of ES3? ...
161
Mike Samuel
mikesamuel
Mar 22, 2008 12:05 am
On 21/03/2008, David-Sarah Hopwood ... Yep. @ often appears in JSDoc style comments: http://jsdoc.sourceforge.net/#tagref so banning @ in comments might make...
162
Kris Zyp
kriszyp
Mar 22, 2008 3:02 am
... Certainly seems reasonable to insist that containers don't do the eval inside a @cc_on. Kris...
163
David-Sarah Hopwood
david.hopwood@...
Mar 22, 2008 3:04 am
... I meant my point a bit more generally: Assume that any extension to strict ES3 is designed by an evil genius trying to break ADsafe (or Caja, or whatever),...
164
Mike Samuel
mikesamuel
Mar 22, 2008 3:20 am
On 21/03/2008, David-Sarah Hopwood ... Or a committee of evil geniuses. ... Caja deals with many of these problems by rewriting. We can deal perfectly well...
165
Kris Zyp
kriszyp
Mar 22, 2008 3:35 am
... Also, because with the new cross-site XHR and XDR capabilities, web sites can directly request the scripts from other sites, which can potentially be...
166
Kris Zyp
kriszyp
Apr 4, 2008 7:50 pm
Is there any documentation available on the specific attacks that the various rules in ADsafe are protecting against? Most of the rules are pretty obvious, but...
167
Douglas Crockford
douglascrock...
Apr 5, 2008 2:46 pm
I want .get and .set to work without blacklists. They are intended to get and set data members in objects. So that is all they will allow. They will not get or...
168
Douglas Crockford
douglascrock...
Apr 5, 2008 3:02 pm
I relaxed the restriction on the [ ] operator slightly. It will now accept subscript values that are number literals or string literals that are not legal...
169
Mark Miller
capsecure
Apr 5, 2008 3:09 pm
... I recommend also accepting all so-called "stringified numbers", i.e., all x for which x === String(Number(x)) all these are implicitly and necessarily...
170
Kris Zyp
kriszyp
Apr 5, 2008 3:57 pm
Great, thank you for the info. Kris ... From: Douglas Crockford To: caplet@yahoogroups.com Sent: Saturday, April 05, 2008 8:46 AM Subject: [caplet] Re: ADsafe...
171
Mike Samuel
mikesamuel
Apr 6, 2008 3:42 am
Function mutability can be a source of undefined behavior since the spec allows but doesn't require "joining" of functions that have the same body and scope...
172
Kris Zyp
kriszyp
Apr 6, 2008 4:10 am
AFAIK, no implementation has ever actually done this "joining", and I believe ES3.1 and ES4 will very likely disallow joining to prevent it from ever...
173
Mark Miller
capsecure
Apr 6, 2008 9:40 am
... Yes, that's what we decided. ES3.1 and ES4 will be deterministic in this regard. No joining. -- Text by me above is hereby placed in the public domain ...
174
David-Sarah Hopwood
david.hopwood@...
Apr 6, 2008 3:17 pm
... If functions were immutable, joining would be a transparent optimization. Apart from the theoretical potential for backward incompatibility, why isn't this...
175
David-Sarah Hopwood
david.hopwood@...
Apr 6, 2008 3:19 pm
... Actually not quite, because it would still be observable by using ===. ... -- David-Sarah Hopwood...
176
Kris Zyp
kriszyp
Apr 6, 2008 4:15 pm
... Really? It is actually even used in ADsafe's core library. Mutating functions is pretty core functionality, and AFAIK it is necessary to form multi-level...
177
Mike Samuel
mikesamuel
Apr 6, 2008 7:30 pm
Does anyone know the rationale for putting joining in the spec in the first place? mike...
178
Mike Samuel
mikesamuel
Apr 6, 2008 7:54 pm
... and "-Infinity"...
179
David-Sarah Hopwood
david.hopwood@...
Apr 6, 2008 8:46 pm
... You're right, I don't know what I was thinking of. Making functions immutable in ES3.1/4 is not practical. -- David-Sarah Hopwood...
180
Mark Miller
capsecure
Apr 6, 2008 8:54 pm
... I purposely left that out because it would already be covered by Crock's "not legal identifiers" rule. -- Text by me above is hereby placed in the public...
181
Mark S. Miller
erights@...
Apr 6, 2008 9:02 pm
... I'd guess it was to enable the optimization that David was suggesting. But I don't actually know. -- Cheers, --MarkM...
182
Douglas Crockford
douglascrock...
Apr 8, 2008 4:43 pm
... optimization. ... functions is pretty core functionality, and AFAIK it is necessary to form multi-level prototypical inheritance. If I want object A to ...
183
Douglas Crockford
douglascrock...
Apr 9, 2008 11:48 pm
I am relaxing ADsafe to allow access to these standard globals: Array Boolean Date decodeURI decodeURIComponent encodeURI encodeURIComponent Error escape...