caplet : Messages : 239-269 of 349

Messages: Simplify \| Expand		Author	Sort by Date

239		Douglas Crockford douglascrock...	Aug 12, 2008 2:04 pm
	A sample ADsafe widget can be seen at http://www.adsafe.org/bats.html It plays the game of Bats....
240		Mark S. Miller erights@...	Aug 13, 2008 9:43 pm
	Not directly object-capability news, but very good news from an ocap perspective. ... From: Brendan Eich <brendan@...> Date: Wed, Aug 13, 2008 at 2:26...
241		Douglas Crockford douglascrock...	Aug 31, 2008 12:39 am
	ADsafe will now accept subscripting expressions that use the + prefix, so koda[bosonda] can be written as koda[+bosonda] instead of as ADSAFE.get(koda,...
243		marcel.laverdet	Sep 5, 2008 1:07 pm
	... I'm kind of late to this (just joined this group) but this just seems like a losing battle. Trusting that a host hasn't opened themselves up to an attack...
244		Kris Zyp kriszyp	Sep 8, 2008 4:08 pm
	Of course the attack assumes that the host uses Prototype and also has an iframe on the page, but I imagine such cases aren't hard to find. There's also...
245		marcel.laverdet	Sep 8, 2008 4:35 pm
	... the prototypes (of course this could simply be documented to be unsafe)? Also, the mozilla() fix function replaces value in existing slots, it doesn't seem...
246		Kris Zyp kriszyp	Sep 8, 2008 4:48 pm
	... Understood. I think the situation may be a little different for me than for the ADsafe in general, since I am focused on a Dojo-specific impl of ADsafe....
247		Douglas Crockford douglascrock...	Sep 8, 2008 5:04 pm
	... has an iframe on the ... several other ways you can ... vectors? I see you're ... that approach won't work ... I looked at the Mozilla array methods, and...
248		Kris Zyp kriszyp	Sep 8, 2008 5:07 pm
	... If there is an iframe somewhere on the page, they can leak access to it (I was able to reproduce that). Kris ... From: Douglas Crockford To:...
249		Douglas Crockford douglascrock...	Sep 8, 2008 6:51 pm
	... Thanks, Marcel, that was really helpful. ADsafe's mozilla function is now conditioned on the existence of slots for concat, filter, map, reverse, slice,...
250		marcel.laverdet	Sep 8, 2008 6:58 pm
	... As follows: <iframe src="#"></iframe> <script> var leak; ([].forEach \|\| 0)(function(a,b,win) { leak = win; }); leak.alert(leak); </script> Simple demo: ...
251		brendaneich	Sep 8, 2008 7:24 pm
	... These vulnerabilities were first pointed out by Jeff Walden and Eli Friedman, then interns at Mozilla, in August 2007. Jeff wrote back then in reply to...
252		Douglas Crockford douglascrock...	Sep 8, 2008 8:06 pm
	... Thanks. ADsafe is now wrapping concat every filter forEach map reduce reduceRight reverse slice some sort....
253		Douglas Crockford douglascrock...	Oct 8, 2008 5:18 pm
	There is another ADsafe demonstration widget at http://adsafe.org/sudoku.html...
254		Ben Laurie benlaurie2000	Oct 8, 2008 5:49 pm
	... Doesn't seem to work correctly in Chrome (for example, no play button). -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no...
255		Alan Karp alanhkarp	Oct 8, 2008 9:59 pm
	Works for me in Chrome. -- Alan Karp...
256		Bill Frantz frantz@...	Oct 8, 2008 11:31 pm
	... Seems to work on Safari. Cheers - Bill ... Bill Frantz \|"We used to quip that "password"; is the most common 408-356-8506 \| password. Now it's...
257		Ben Laurie benlaurie2000	Oct 9, 2008 8:41 am
	... Hmm. On second attempt it worked for me, too. Odd. -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man...
258		Alan Karp alanhkarp	Oct 9, 2008 3:15 pm
	I've noticed that Chrome gets addled if it's been open for many days. This morning mine lost its ability to talk to the network, but I've seen other symptoms....
259		Douglas Crockford douglascrock...	Oct 23, 2008 6:02 pm
	I implemented PPK's focus hack (http://www.quirksmode.org/blog/archives/2008/04/delegating_the.html) in ADsafe, so focus and blur events may now be delegated....
260		marcel.laverdet	Oct 25, 2008 12:41 am
	Live Labs has released a public preview of their Javascript sandbox. http://websandbox.livelabs.com/ See the clock sample: ...
261		Mark S. Miller erights@...	Nov 6, 2008 10:34 pm
	The EcmaScript 3.1 draft standard is rapidly congealing towards an official standard. The Kona version at < ...
262		Douglas Crockford douglascrock...	Jan 3, 2009 4:59 pm
	I added another sample page. This one shows two simple widgets that coexist. http://adsafe.org/roman.html...
263		Mark Miller capsecure	Jan 5, 2009 9:14 pm
	The w3c Technical Architecture Group (TAG) discuss ocaps for the web starting at http://www.w3.org/2001/tag/2008/12/10-minutes#item03 teaser sample: 'DO: SW...
264		Bill Frantz frantz@...	Jan 5, 2009 10:35 pm
	... For me, the highlight was, "Crockford says add a switch in Firefox to disable non-adSafe ads". If this feature gets adopted, and used, we'll see an...
265		Tyler Close tjclose	Jan 6, 2009 12:17 am
	At the end of the minutes, it looks like the TAG is casting about for a next step. One useful step would be to consider amending the web-arch document's...
266		Mark S. Miller erights@...	Jan 6, 2009 2:35 am
	http://apps.yahoo.com/-yNmsEV4q/ I'm "ocap capo". It (and therefore Caja) also work on an iPhone. Thanks to the Yahoo! and Zynga folks! -- Cheers, --MarkM...
267		Larry Koved larrykoved	Jan 18, 2009 2:38 am
	This is announcement of the call for papers for the third in a series of successful workshops on topics related to security and privacy for Web 2.0. This...
268		Mark Miller capsecure	Jan 20, 2009 6:15 pm
	At http://wiki.ecmascript.org/doku.php?id=ses:ses_proposal_working_draft is posted a very rough first draft for a "Secure ECMAScript" standard, derived from...
269		Kris Zyp kriszyp	Jan 21, 2009 3:10 pm
	... Hash: SHA1 Do you have an overview of the differences between SES and ES3.1 (or maybe it is easier to define the differences between SES and Cajita)? I see...

Yahoo! Groups

Breaking News Visit Yahoo! News for the latest.

The Yahoo! Groups Product Blog

Check it out!

Group Information

Yahoo! Groups Tips

Did you know...

Messages