ADsafe does not allow access to Date or to Math.random(). This is because we want to be able to sample ads to test their behavior and contractual compliance....
Reminder -- less than 3 week until the workshop! W2SP 2008: Web 2.0 Security and Privacy 2008 Thursday, May 22 The Claremont Resort, Oakland, California...
... To: Douglas Crockford <douglas@...> Subject: ADsafe attack From: David-Sarah Hopwood <david.hopwood@...> (function () { ...
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 2:47 am
206
... From: Douglas Crockford <douglas@...> To: David-Sarah Hopwood <david.hopwood@...>, Mark Miller <erights@...> ...
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 2:49 am
207
[This might be a duplicate; I'm having trouble posting to this list from my usual account.] ... From: David-Sarah Hopwood...
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 1:43 pm
208
... From: Douglas Crockford <douglas@...> To: David-Sarah Hopwood <david.hopwood@...>, Mark Miller <erights@...> ...
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 1:44 pm
209
... From: Douglas Crockford <douglas@...> To: David-Sarah Hopwood <david.hopwood@...> Subject: Re: ADsafe attack ... The...
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 1:45 pm
210
... I'm not convinced that it is sufficiently robust to just check for (this === window). This should work: function robustify(aType, methodName) { var proto =...
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 7:02 pm
211
... We are considering an Object.keys method, but it will only return the own, enumerable property names....
On Wed, May 21, 2008 at 12:02 PM, David-Sarah Hopwood ... Yes! The about-to-be-specified Object.getProperties(obj) will provide a reflective description of all...
Mark S. Miller
erights@...
May 21, 2008 7:14 pm
214
... That's why I suggested a name using the __...__ convention. Otherwise, a subset language that does not do rewriting must do one of: - blacklist the name...
David-Sarah Hopwood
david.hopwood@...
May 21, 2008 11:19 pm
215
... Mark came up with a better idea: ADsafe denies any access to Object....
... I don't want to have to do that in Jacaranda (where it would otherwise be safe to allow first-class access to Object). -- David-Sarah Hopwood...
David-Sarah Hopwood
david.hopwood@...
May 22, 2008 12:17 am
217
ADsafe will block the bind method. The bind method proposed for ES3.1 is safe, but the bind methods provided by the current Ajax libraries are not because they...
... Don't some of these libraries have other aliases for bind-like methods? For example Prototype has 'bindAsEventListener', although I don't know of any...
David-Sarah Hopwood
david.hopwood@...
May 22, 2008 2:12 pm
219
... While I remember, I think you also need to blacklist 'stack'. <http://code.google.com/p/google-caja/wiki/ErrorExposesParameterValues> -- David-Sarah...
David-Sarah Hopwood
david.hopwood@...
May 22, 2008 2:22 pm
220
ADsafe now allows long dot expressions that refine the allowed global variables. So ADSAFE.koda.bosanda.bosoya.tikki.ottobo(); is now acceptable. JSLint's UI...
I relaxed some of the restrictions on the get method. It still requires that the object is in fact an object (and not a function), but it allows the returning...
... Attached is a rough first draft of a safe DOM wrapper. The main idea is that untrusted script views DOM nodes simply as integer handles. To read or mutate...
... It would be easy to make the handles opaque: var nodes = []; function handleToNode(handle) { return handle.__node__; } function nodeToHandle(node) { if...
David-Sarah Hopwood
david.hopwood@...
Jun 7, 2008 2:43 am
226
... I was slightly unclear here. Encapsulation of the underlying DOM node objects from the script is required; in the implementation I suggested, that is...
David-Sarah Hopwood
david.hopwood@...
Jun 7, 2008 2:57 am
227
... [...] ... [...] ... This will leak memory on IE (even after the nodes array has become unreferenced after leaving the page), because JScript's excuse for a...
David-Sarah Hopwood
david.hopwood@...
Jun 7, 2008 11:14 pm
228
I have been investigating an idea for a secure cross-site transport. It seems unlikely that no one has done anything like this before, but I can't find any...
Recently I have been working on a new project, dojox.secure, to add a secure mechanism to Dojo for loading and executing untrusted code and widgets, and I...
I am developing an Ajax library for ADsafe. It applies a capability discipline to the dom tree, blocking access to parents and siblings. It wraps collections...
I created a safe option in JSLint for checking the safe subset. The adsafe option assumes the safe option, and additionally checks for ADsafe widget...
On Fri, Jun 27, 2008 at 1:44 AM, Mario Heiderich ... Wow. No, we had no idea. I admit that I am shocked that the one tight encapsulation mechanism in...