ADsafe does not allow access to Date or to Math.random(). This is because we want to be able to sample ads to test their behavior and contractual compliance....
204
Larry Koved
larrykoved
May 5, 2008 2:12 am
Reminder -- less than 3 week until the workshop! W2SP 2008: Web 2.0 Security and Privacy 2008 Thursday, May 22 The Claremont Resort, Oakland, California...
205
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 2:47 am
... To: Douglas Crockford <douglas@...> Subject: ADsafe attack From: David-Sarah Hopwood <david.hopwood@...> (function () { ...
206
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 2:49 am
... From: Douglas Crockford <douglas@...> To: David-Sarah Hopwood <david.hopwood@...>, Mark Miller <erights@...> ...
207
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 1:43 pm
[This might be a duplicate; I'm having trouble posting to this list from my usual account.] ... From: David-Sarah Hopwood...
208
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 1:44 pm
... From: Douglas Crockford <douglas@...> To: David-Sarah Hopwood <david.hopwood@...>, Mark Miller <erights@...> ...
209
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 1:45 pm
... From: Douglas Crockford <douglas@...> To: David-Sarah Hopwood <david.hopwood@...> Subject: Re: ADsafe attack ... The...
210
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 7:02 pm
... I'm not convinced that it is sufficiently robust to just check for (this === window). This should work: function robustify(aType, methodName) { var proto =...
211
Douglas Crockford
douglascrock...
May 21, 2008 7:09 pm
... We are considering an Object.keys method, but it will only return the own, enumerable property names....
212
Douglas Crockford
douglascrock...
May 21, 2008 7:14 pm
... Why? The test is intended to reject invocations of the method as a function. What cases are missed?...
213
Mark S. Miller
erights@...
May 21, 2008 7:14 pm
On Wed, May 21, 2008 at 12:02 PM, David-Sarah Hopwood ... Yes! The about-to-be-specified Object.getProperties(obj) will provide a reflective description of all...
214
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 11:19 pm
... That's why I suggested a name using the __...__ convention. Otherwise, a subset language that does not do rewriting must do one of: - blacklist the name...
215
Douglas Crockford
douglascrock...
May 21, 2008 11:41 pm
... Mark came up with a better idea: ADsafe denies any access to Object....
216
David-Sarah Hopwood
david.hopwood@...
May 22, 2008 12:17 am
... I don't want to have to do that in Jacaranda (where it would otherwise be safe to allow first-class access to Object). -- David-Sarah Hopwood...
217
Douglas Crockford
douglascrock...
May 22, 2008 12:54 pm
ADsafe will block the bind method. The bind method proposed for ES3.1 is safe, but the bind methods provided by the current Ajax libraries are not because they...
218
David-Sarah Hopwood
david.hopwood@...
May 22, 2008 2:12 pm
... Don't some of these libraries have other aliases for bind-like methods? For example Prototype has 'bindAsEventListener', although I don't know of any...
219
David-Sarah Hopwood
david.hopwood@...
May 22, 2008 2:22 pm
... While I remember, I think you also need to blacklist 'stack39;. <http://code.google.com/p/google-caja/wiki/ErrorExposesParameterValues> -- David-Sarah...
220
Douglas Crockford
douglascrock...
May 23, 2008 2:53 am
ADsafe now allows long dot expressions that refine the allowed global variables. So ADSAFE.koda.bosanda.bosoya.tikki.ottobo(); is now acceptable. JSLint's UI...
221
Douglas Crockford
douglascrock...
May 24, 2008 9:45 pm
I relaxed some of the restrictions on the get method. It still requires that the object is in fact an object (and not a function), but it allows the returning...
222
Douglas Crockford
douglascrock...
Jun 1, 2008 6:25 am
http://ADsafe.org/ now describes three methods that provide the linkage between the guest code and the ADsafe runtime....
223
Douglas Crockford
douglascrock...
Jun 3, 2008 8:40 pm
The first edition of adsafe.js is available at http://adsafe.org/adsafe.js. It still lacks dom wrappage and interwidget communication....
224
Adam Barth
hk9565
Jun 6, 2008 9:18 am
... Attached is a rough first draft of a safe DOM wrapper. The main idea is that untrusted script views DOM nodes simply as integer handles. To read or mutate...
225
David-Sarah Hopwood
david.hopwood@...
Jun 7, 2008 2:43 am
... It would be easy to make the handles opaque: var nodes = []; function handleToNode(handle) { return handle.__node__; } function nodeToHandle(node) { if...
226
David-Sarah Hopwood
david.hopwood@...
Jun 7, 2008 2:57 am
... I was slightly unclear here. Encapsulation of the underlying DOM node objects from the script is required; in the implementation I suggested, that is...
227
David-Sarah Hopwood
david.hopwood@...
Jun 7, 2008 11:14 pm
... [...] ... [...] ... This will leak memory on IE (even after the nodes array has become unreferenced after leaving the page), because JScript's excuse for a...
228
Kris Zyp
kriszyp
Jun 9, 2008 5:32 pm
I have been investigating an idea for a secure cross-site transport. It seems unlikely that no one has done anything like this before, but I can't find any...
229
Kris Zyp
kriszyp
Jun 9, 2008 6:34 pm
Recently I have been working on a new project, dojox.secure, to add a secure mechanism to Dojo for loading and executing untrusted code and widgets, and I...
230
Douglas Crockford
douglascrock...
Jun 9, 2008 8:12 pm
I am developing an Ajax library for ADsafe. It applies a capability discipline to the dom tree, blocking access to parents and siblings. It wraps collections...
231
Douglas Crockford
douglascrock...
Jun 21, 2008 11:33 pm
I created a safe option in JSLint for checking the safe subset. The adsafe option assumes the safe option, and additionally checks for ADsafe widget...
232
Mark S. Miller
erights@...
Jun 27, 2008 4:03 pm
On Fri, Jun 27, 2008 at 1:44 AM, Mario Heiderich ... Wow. No, we had no idea. I admit that I am shocked that the one tight encapsulation mechanism in...