Is there any documentation available on the specific attacks that the various rules in ADsafe are protecting against? Most of the rules are pretty obvious, but...
I want .get and .set to work without blacklists. They are intended to get and set data members in objects. So that is all they will allow. They will not get or...
I relaxed the restriction on the [ ] operator slightly. It will now accept subscript values that are number literals or string literals that are not legal...
... I recommend also accepting all so-called "stringified numbers", i.e., all x for which x === String(Number(x)) all these are implicitly and necessarily...
Great, thank you for the info. Kris ... From: Douglas Crockford To: caplet@yahoogroups.com Sent: Saturday, April 05, 2008 8:46 AM Subject: [caplet] Re: ADsafe...
Function mutability can be a source of undefined behavior since the spec allows but doesn't require "joining" of functions that have the same body and scope...
AFAIK, no implementation has ever actually done this "joining", and I believe ES3.1 and ES4 will very likely disallow joining to prevent it from ever...
... Yes, that's what we decided. ES3.1 and ES4 will be deterministic in this regard. No joining. -- Text by me above is hereby placed in the public domain ...
... If functions were immutable, joining would be a transparent optimization. Apart from the theoretical potential for backward incompatibility, why isn't this...
David-Sarah Hopwood (david.hopwood@...), Apr 6, 2008 3:17 pm, message #175
... Actually not quite, because it would still be observable by using ===. ... -- David-Sarah Hopwood...
David-Sarah Hopwood (david.hopwood@...), Apr 6, 2008 3:19 pm, message #176
... Really? It is actually even used in ADsafe's core library. Mutating functions is pretty core functionality, and AFAIK it is necessary to form multi-level...
... You're right, I don't know what I was thinking of. Making functions immutable in ES3.1/4 is not practical. -- David-Sarah Hopwood...
David-Sarah Hopwood (david.hopwood@...), Apr 6, 2008 8:46 pm, message #180
... I purposely left that out because it would already be covered by Crock's "not legal identifiers" rule. -- Text by me above is hereby placed in the public...
... I'd guess it was to enable the optimization that David was suggesting. But I don't actually know. -- Cheers, --MarkM...
Mark S. Miller (erights@...), Apr 6, 2008 9:02 pm, message #182
... optimization. ... functions is pretty core functionality, and AFAIK it is necessary to form multi-level prototypical inheritance. If I want object A to ...
I am relaxing ADsafe to allow access to these standard globals: Array Boolean Date decodeURI decodeURIComponent encodeURI encodeURIComponent Error escape...
... Is it really worth including {,un}escape in light of http://msdn2.microsoft.com/en-us/library/9yzah1fh(VS.85).aspx ? Is it a goal to support older versions...
... No confirm, alert, or prompt? Preventing annoyance exploits? ;) Or is there another exploit I am not aware of? Kris ... From: Douglas Crockford To:...
... is there another exploit I am not aware of? Those are not standard globals. They are creatures of the DOM. Currently, ADsafe is not granting any access to...
... I can see the B-movie poster now :-) More seriously, all of the objects that Doug just granted access to, with the exception of Date, provide no authority...
David-Sarah Hopwood (david.hopwood@...), Apr 10, 2008 4:28 pm, message #189
... Yes. It is in anticipation of a decimal package of some sort....
... Currently, ADsafe is still approximately a subset of Caja. Were these added, it would cause significant breakage of the subset relationship. -- Cheers, ...
Mark S. Miller (erights@...), Apr 10, 2008 5:15 pm, message #192
... IIUC, foo['-Infinity'] would be, but foo[-Infinity] wouldn't. -- David-Sarah Hopwood...
David-Sarah Hopwood (david.hopwood@...), Apr 11, 2008 3:16 pm, message #193
On 11/04/2008, David-Sarah Hopwood <david.hopwood@...> ... douglas@...> ... The two are identical. From ES262 S11.2.1 ...
... They are evaluated identically (if Infinity is an unshadowable constant), but they have different syntax trees. Crock's rule was defined syntactically; ...
David-Sarah Hopwood (david.hopwood@...), Apr 11, 2008 8:04 pm, message #195
On 11/04/2008, David-Sarah Hopwood ... Ok. Understood....
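Added example (JavaScript, written for this page; not ADsafe's code nor any list member's) of the subscript rule argued over in this thread: a syntactic check on the text between the brackets of foo[...] that applies Crock's rule (number literal, or string literal that is not a legal identifier), with Kris's stringified-number test available as an option, and shows why foo['-Infinity'] and foo[-Infinity] come out differently. The identifier and literal grammars are simplified assumptions, and the stated purpose of the rule (keeping a computed subscript from naming a property the dotted-access checks would refuse) is my reading of the discussion.

```javascript
'use strict';

// Simplified grammars (assumptions, not ADsafe's tokenizer): ASCII identifiers,
// decimal/hex number literals, and string literals without escape sequences.
const IDENT = /^[A-Za-z_$][A-Za-z0-9_$]*$/;
const NUMBER_LITERAL = /^(?:0[xX][0-9a-fA-F]+|(?:\d+\.?\d*|\.\d+)(?:[eE][+-]?\d+)?)$/;
const STRING_LITERAL = /^(?:'([^'\\]*)'|"([^"\\]*)")$/;

// Classify the raw source text between the brackets of foo[...]. The rule is
// syntactic: -Infinity is a unary minus applied to the identifier Infinity,
// so it is an expression here even though it evaluates like '-Infinity'.
function classifySubscript(src) {
  const s = src.trim();
  if (NUMBER_LITERAL.test(s)) return { kind: 'number', value: Number(s) };
  const m = STRING_LITERAL.exec(s);
  if (m) return { kind: 'string', value: m[1] !== undefined ? m[1] : m[2] };
  return { kind: 'expression', value: s };
}

// Kris's proposed test: x is a stringified number when String(Number(x)) === x.
function isStringifiedNumber(x) {
  return x === String(Number(x));
}

// Returns true when foo[src] would be accepted. A string literal that could
// never be written as a dotted name (foo.constructor, foo.__proto__) cannot
// get around the checks on dotted access, so it is allowed; identifier-like
// strings are refused unless the stringified-number extension admits them.
function subscriptAllowed(src, { stringifiedNumbers = false } = {}) {
  const sub = classifySubscript(src);
  if (sub.kind === 'number') return true;
  if (sub.kind === 'string') {
    if (!IDENT.test(sub.value)) return true;
    // Only 'Infinity' and 'NaN' are both identifier-like and stringified
    // numbers, so this is the whole effect of the extension on string literals.
    return stringifiedNumbers && isStringifiedNumber(sub.value);
  }
  return false;
}
```

Because every string the identifier test fails to recognise is allowed through, a real checker must use the full ECMAScript identifier grammar (including its Unicode letters), not the ASCII approximation above.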