... ADsafe rejects [ /[/]/ /foo]/ + bar. Just because ECMAScript says its ok doesn't mean that ADsafe must. ADsafe insists that all internal / must have \....
No need to apologize, and I did not aim to blame Opera or Safari in citing the record. This was not a situation where anyone fielding a browser compatible...
278
David-Sarah Hopwood
david.hopwood@...
Feb 10, 2009 2:12 pm
... I could, if I knew that there were no more bugs like this. Note that lexical confusion attacks of this kind can easily be turned into complete breaks of a...
279
David-Sarah Hopwood
david.hopwood@...
Feb 10, 2009 2:34 pm
... <https://bugzilla.mozilla.org/show_bug.cgi?id=309840#c12> # This fixes a highly dup'ed IE compatibility bug. It's an extension # to ECMA syntax that's...
280
David-Sarah Hopwood
david.hopwood@...
Feb 10, 2009 2:44 pm
... I'm confused -- how does it know that the middle '/' in "/[/]/" is "internal";? Is it lexing according to the intersection of Pattern from section 15.10.1,...
... You're right, but so what? The IE bug and monopoly combined to create a de-facto standard. Appealing to the de-jure standard does you no good, and...
... Plenty. But I suspect you know of them. There's conditional compilation comments /* @cc_on */, and there's the newlines in block comments thing return /*...
... Fixed in Firefox 3.1 beta nightlies: https://bugzilla.mozilla.org/show_bug.cgi?id=475834 We could push the fix back into a 3.0.x maintenance release if it ...
284
David-Sarah Hopwood
david.hopwood@...
Feb 16, 2009 3:16 pm
Suppose that S is a Unicode string in which each character matches ValidChar below, not containing the subsequences "<!", "</" or "]]>", and not containing...
285
David-Sarah Hopwood
david.hopwood@...
Feb 16, 2009 4:29 pm
No, I'm not paranoid enough yet. It's not sufficient only to say that the HTML is encoded as UTF-8 (see below). David-Sarah Hopwood wrote: [...] ... I meant,...
2009/2/16 David-Sarah Hopwood <david.hopwood@...> ... So no surrogates? ... Why include FFEF? ... You may still be subject to encoding...
287
David-Sarah Hopwood
david.hopwood@...
Feb 17, 2009 11:13 am
... Correct. They're not characters (or even "noncharacters"). ... It's unassigned, and there's no particular reason to exclude it. (\uFFF0-\uFFF8 are also...
... Isn't it the reflection of fffe, the byte-order-marker. This is probably a very minor issue, but if one part of a parser naively delegates to another...
289
David-Sarah Hopwood
david.hopwood@...
Feb 18, 2009 5:26 pm
... [...] ... No, \uFEFF is the BOM, and its byte-reflection \uFFFE is a noncharacter, so already excluded from ValidChar. (Thought you'd spotted something I'd...
This is announcement of the call for papers for the third in a series of successful workshops on topics related to security and privacy for Web 2.0. This...
I added +tagName to the ADsafe query language. It selects the immediate sibling, so dom.q("h1+p") selects all of the <p> that immediately follow an <h1>....
Doug, Do you know whether you will have time in the next few days (before March 25) to review a few of the papers submitted to W2SP this year? There are a few...
This workshop may be of interest to subscribers of this mailing list Web 2.0 Security & Privacy 2009 Claremont Resort in Oakland, California May 21, 2009 ...
Reminder: One week until the workshop. Web 2.0 Security & Privacy 2009 Claremont Resort in Oakland, California May 21, 2009 http://w2spconf.com/2009/ The goal...
296
Mark S. Miller
erights@...
May 20, 2009 3:00 am
... From: Mark S. Miller <erights@...> Date: Tue, May 19, 2009 at 7:52 PM Subject: Techtalk on EcmaScript 5 To: "es5-discuss@..."...
I slimmed down the ADsafe banned list. These are the names of members that may not be accessed. This list is now: arguments callee caller constructor eval ...
... I do not understand the value in preventing information leaks here. What is the hazard? I am considering the blocking of try/catch in ADsafe. I am...
On Sun, May 24, 2009 at 7:49 AM, Douglas Crockford ... Javascript's catch is also problematic since it enables catching of stack overflow and out of memory...
... I'd like to know too -- you can throw an object that you could return, so that's not it. Is it the ES3 spec bug, not implemented by many browsers, where...
... What about stack overflow? ... I did the testing during the caja security review and I believe I got an exploit working in both IE 6 and Firefox 2 on...
Hi folks, Joel was playing around with ADsafe today and noticed that the verifier seems to be broken at the moment. For example, this widget passes the...
