JSLint.com contains an ADsafe feature. Its intent is to enforce a safe subset of JavaScript for use in ads and widgets. ADsafe requires no transformations. It...
ADSAFE.lib now subjects its name parameter to the same rules used generally on properties. Ankur Taly had discovered an attack by using a particular banned...
May crash your browser or page: http://es-lab.googlecode.com/svn/trunk/src/ses/index.html Sources at...
A final reminder... W2SP 2010: Web 2.0 Security and Privacy 2010 Thursday, May 20 The Claremont Resort, Oakland, California Web site: http://w2spconf.com/2010 ...
Call for Papers / Call for Participation: First workshop on Decentralized Coordination of Distributed Processes (DCDP 2010) http://soft.vub.ac.be/events/dcdp ...
A quick reminder... This is the announcement of the call for papers for the fourth in a series of successful workshops on topics related to security and privacy...
This is the announcement of the call for papers for the fourth in a series of successful workshops on topics related to security and privacy for Web 2.0. This...
We should add tests though to make sure we stay invulnerable to that. 2009/7/29 Mike Stay <metaweta@...> ... We should add tests though to make sure we...
Hey I wanted to let you guys know that for now I'm discontinuing research on FBJS2. Basically at this time instead we're focusing on Facebook Connect (external...
Hi folks, Joel was playing around with ADsafe today and noticed that the verifier seems to be broken at the moment. For example, this widget passes the...
I slimmed down the ADsafe banned list. These are the names of members that may not be accessed. This list is now: arguments callee caller constructor eval ...
This workshop may be of interest to subscribers of this mailing list Web 2.0 Security & Privacy 2009 Claremont Resort in Oakland, California May 21, 2009 ...
Doug, Do you know whether you will have time in the next few days (before March 25) to review a few of the papers submitted to W2SP this year? There are a few...
I added +tagName to the ADsafe query language. It selects the immediate sibling, so dom.q("h1+p") selects all of the <p> that immediately follow an <h1>....
This is the announcement of the call for papers for the third in a series of successful workshops on topics related to security and privacy for Web 2.0. This...
Suppose that S is a Unicode string in which each character matches ValidChar below, not containing the subsequences "<!", "</" or "]]>", and not containing...
Consider the following JavaScript source: [ /[/]/ /foo]/ + bar According to the ES3 spec, this is interpreted as: [ new RegExp("[") ] / new RegExp("foo]") +...
At http://wiki.ecmascript.org/doku.php?id=ses:ses_proposal_working_draft is posted a very rough first draft for a "Secure ECMAScript" standard, derived from...
This is the announcement of the call for papers for the third in a series of successful workshops on topics related to security and privacy for Web 2.0. This...
http://apps.yahoo.com/-yNmsEV4q/ I'm "ocap capo". It (and therefore Caja) also work on an iPhone. Thanks to the Yahoo! and Zynga folks! -- Cheers, --MarkM...
The w3c Technical Architecture Group (TAG) discuss ocaps for the web starting at http://www.w3.org/2001/tag/2008/12/10-minutes#item03 teaser sample: 'DO: SW...
I implemented PPK's focus hack (http://www.quirksmode.org/blog/archives/2008/04/delegating_the.html) in ADsafe, so focus and blur events may now be delegated....
ADsafe will block the bind method. The bind method proposed for ES3.1 is safe, but the bind methods provided by the current Ajax libraries are not because they...
ADsafe will now accept subscripting expressions that use the + prefix, so koda[bosonda] can be written as koda[+bosonda] instead of as ADSAFE.get(koda,...