The first edition of adsafe.js is available at http://adsafe.org/adsafe.js. It still lacks dom wrappage and interwidget communication....
224
Adam Barth
hk9565
Jun 6, 2008 9:18 am
... Attached is a rough first draft of a safe DOM wrapper. The main idea is that untrusted script views DOM nodes simply as integer handles. To read or mutate...
225
David-Sarah Hopwood
david.hopwood@...
Jun 7, 2008 2:43 am
... It would be easy to make the handles opaque: var nodes = []; function handleToNode(handle) { return handle.__node__; } function nodeToHandle(node) { if...
226
David-Sarah Hopwood
david.hopwood@...
Jun 7, 2008 2:57 am
... I was slightly unclear here. Encapsulation of the underlying DOM node objects from the script is required; in the implementation I suggested, that is...
227
David-Sarah Hopwood
david.hopwood@...
Jun 7, 2008 11:14 pm
... [...] ... [...] ... This will leak memory on IE (even after the nodes array has become unreferenced after leaving the page), because JScript's excuse for a...
228
Kris Zyp
kriszyp
Jun 9, 2008 5:32 pm
I have been investigating an idea for a secure cross-site transport. It seems unlikely that no one has done anything like this before, but I can't find any...
229
Kris Zyp
kriszyp
Jun 9, 2008 6:34 pm
Recently I have been working on a new project, dojox.secure, to add a secure mechanism to Dojo for loading and executing untrusted code and widgets, and I...
230
Douglas Crockford
douglascrock...
Jun 9, 2008 8:12 pm
I am developing an Ajax library for ADsafe. It applies a capability discipline to the dom tree, blocking access to parents and siblings. It wraps collections...
231
Douglas Crockford
douglascrock...
Jun 21, 2008 11:33 pm
I created a safe option in JSLint for checking the safe subset. The adsafe option assumes the safe option, and additionally checks for ADsafe widget...
232
Mark S. Miller
erights@...
Jun 27, 2008 4:03 pm
On Fri, Jun 27, 2008 at 1:44 AM, Mario Heiderich ... Wow. No, we had no idea. I admit that I am shocked that the one tight encapsulation mechanism in...
233
Mark S. Miller
erights@...
Jun 27, 2008 8:50 pm
... Hi Brendan, I was completely unaware of this history and did indeed think that this was a newly opened hole. I'm very pleased to find that it isn't. I'm...
234
brendaneich
Jun 27, 2008 9:09 pm
... I reply-all'ed since Mark cc'ed me, but I was not a member of the caplet@yahoogroups.com list so the message bounced off that address. Here's the...
235
Douglas Crockford
douglascrock...
Jul 16, 2008 10:11 pm
I added setExpression to the banned method list....
236
Mike Samuel
mikesamuel
Jul 16, 2008 11:09 pm
Is that the javascript equivalent of IE's expression(...) CSS extension? If so, I'm confused. If code is getting access to a raw HTMLElement or style object,...
237
Douglas Crockford
douglascrock...
Jul 16, 2008 11:25 pm
... string to ... You're right. Never mind....
238
David-Sarah Hopwood
david.hopwood@...
Jul 17, 2008 3:30 pm
... This is a Microsoft DOM method <http://msdn.microsoft.com/en-us/library/ms531196(VS.85).aspx> <http://www.webreference.com/js/tips/000719.html>. It's...
239
Douglas Crockford
douglascrock...
Aug 12, 2008 2:04 pm
A sample ADsafe widget can be seen at http://www.adsafe.org/bats.html It plays the game of Bats....
240
Mark S. Miller
erights@...
Aug 13, 2008 9:43 pm
Not directly object-capability news, but very good news from an ocap perspective. ... From: Brendan Eich <brendan@...> Date: Wed, Aug 13, 2008 at 2:26...
241
Douglas Crockford
douglascrock...
Aug 31, 2008 12:39 am
ADsafe will now accept subscripting expressions that use the + prefix, so koda[bosonda] can be written as koda[+bosonda] instead of as ADSAFE.get(koda,...
243
marcel.laverdet
Sep 5, 2008 1:07 pm
... I'm kind of late to this (just joined this group) but this just seems like a losing battle. Trusting that a host hasn't opened themselves up to an attack...
244
Kris Zyp
kriszyp
Sep 8, 2008 4:08 pm
Of course the attack assumes that the host uses Prototype and also has an iframe on the page, but I imagine such cases aren't hard to find. There's also...
245
marcel.laverdet
Sep 8, 2008 4:35 pm
... the prototypes (of course this could simply be documented to be unsafe)? Also, the mozilla() fix function replaces value in existing slots, it doesn't seem...
246
Kris Zyp
kriszyp
Sep 8, 2008 4:48 pm
... Understood. I think the situation may be a little different for me than for the ADsafe in general, since I am focused on a Dojo-specific impl of ADsafe....
247
Douglas Crockford
douglascrock...
Sep 8, 2008 5:04 pm
... has an iframe on the ... several other ways you can ... vectors? I see you're ... that approach won't work ... I looked at the Mozilla array methods, and...
248
Kris Zyp
kriszyp
Sep 8, 2008 5:07 pm
... If there is an iframe somewhere on the page, they can leak access to it (I was able to reproduce that). Kris ... From: Douglas Crockford To:...
249
Douglas Crockford
douglascrock...
Sep 8, 2008 6:51 pm
... Thanks, Marcel, that was really helpful. ADsafe's mozilla function is now conditioned on the existence of slots for concat, filter, map, reverse, slice,...
... These vulnerabilities were first pointed out by Jeff Walden and Eli Friedman, then interns at Mozilla, in August 2007. Jeff wrote back then in reply to...
252
Douglas Crockford
douglascrock...
Sep 8, 2008 8:06 pm
... Thanks. ADsafe is now wrapping concat every filter forEach map reduce reduceRight reverse slice some sort....
253
Douglas Crockford
douglascrock...
Oct 8, 2008 5:18 pm
There is another ADsafe demonstration widget at http://adsafe.org/sudoku.html...
