Suppose that S is a Unicode string in which each character matches ValidChar below, not containing the subsequences "<!", "</" or "]]>", and not containing...
285
David-Sarah Hopwood
david.hopwood@...
Feb 16, 2009 4:29 pm
No, I'm not paranoid enough yet. It's not sufficient only to say that the HTML is encoded as UTF-8 (see below). David-Sarah Hopwood wrote: [...] ... I meant,...
286
Mike Samuel
mikesamuel
Feb 16, 2009 11:38 pm
2009/2/16 David-Sarah Hopwood <david.hopwood@...> ... So no surrogates? ... Why include FFEF? ... You may still be subject to encoding...
287
David-Sarah Hopwood
david.hopwood@...
Feb 17, 2009 11:13 am
... Correct. They're not characters (or even "noncharacters"). ... It's unassigned, and there's no particular reason to exclude it. (\uFFF0-\uFFF8 are also...
288
Mike Samuel
mikesamuel
Feb 17, 2009 6:50 pm
... Isn't it the reflection of fffe, the byte-order-marker. This is probably a very minor issue, but if one part of a parser naively delegates to another...
289
David-Sarah Hopwood
david.hopwood@...
Feb 18, 2009 5:26 pm
... [...] ... No, \uFEFF is the BOM, and its byte-reflection \uFFFE is a noncharacter, so already excluded from ValidChar. (Thought you'd spotted something I'd...
290
Mike Samuel
mikesamuel
Feb 18, 2009 9:54 pm
... Ah, quite right....
291
Larry Koved
larrykoved
Mar 2, 2009 8:26 pm
This is an announcement of the call for papers for the third in a series of successful workshops on topics related to security and privacy for Web 2.0. This...
292
Douglas Crockford
douglascrock...
Mar 6, 2009 6:32 pm
I added +tagName to the ADsafe query language. It selects the immediate sibling, so dom.q("h1+p") selects all of the <p> that immediately follow an <h1>....
293
Larry Koved
larrykoved
Mar 16, 2009 4:10 am
Doug, Do you know whether you will have time in the next few days (before March 25) to review a few of the papers submitted to W2SP this year? There are a few...
294
Larry Koved
larrykoved
Apr 27, 2009 1:06 pm
This workshop may be of interest to subscribers of this mailing list Web 2.0 Security & Privacy 2009 Claremont Resort in Oakland, California May 21, 2009 ...
295
Larry Koved
larrykoved
May 14, 2009 3:08 am
Reminder: One week until the workshop. Web 2.0 Security & Privacy 2009 Claremont Resort in Oakland, California May 21, 2009 http://w2spconf.com/2009/ The goal...
296
Mark S. Miller
erights@...
May 20, 2009 3:00 am
... From: Mark S. Miller <erights@...> Date: Tue, May 19, 2009 at 7:52 PM Subject: Techtalk on EcmaScript 5 To: "es5-discuss@..."...
297
Douglas Crockford
douglascrock...
May 24, 2009 1:08 am
I slimmed down the ADsafe banned list. These are the names of members that may not be accessed. This list is now: arguments callee caller constructor eval ...
298
Douglas Crockford
douglascrock...
May 24, 2009 2:50 pm
... I do not understand the value in preventing information leaks here. What is the hazard? I am considering the blocking of try/catch in ADsafe. I am...
299
Tyler Close
tjclose
May 25, 2009 9:57 pm
On Sun, May 24, 2009 at 7:49 AM, Douglas Crockford ... Javascript's catch is also problematic since it enables catching of stack overflow and out of memory...
300
Brendan Eich
brendaneich
May 25, 2009 10:38 pm
... I'd like to know too -- you can throw an object that you could return, so that's not it. Is it the ES3 spec bug, not implemented by many browsers, where...
301
Tyler Close
tjclose
May 25, 2009 11:24 pm
... What about stack overflow? ... I did the testing during the caja security review and I believe I got an exploit working in both IE 6 and Firefox 2 on...
302
Adam Barth
hk9565
Jun 9, 2009 8:56 pm
Hi folks, Joel was playing around with ADsafe today and noticed that the verifier seems to be broken at the moment. For example, this widget passes the...
303
Douglas Crockford
douglascrock...
Jun 10, 2009 7:39 am
... The fault was mine. Please ask Joel to try it again....
304
marcel.laverdet
Jul 16, 2009 3:31 am
Hey I wanted to let you guys know that for now I'm discontinuing research on FBJS2. Basically at this time instead we're focusing on Facebook Connect (external...
305
Mike Samuel
mikesamuel
Jul 31, 2009 1:39 pm
We should add tests though to make sure we stay invulnerable to that. 2009/7/29 Mike Stay <metaweta@...> ... We should add tests though to make sure we...
306
Douglas Crockford
douglascrock...
Jul 31, 2009 1:47 pm
I repaired some leakage in the ADsafe Ajax library. Grateful thanks to John Mitchell, Sergio Maffeis, and Ankur Taly. http://www.doc.ic.ac.uk/~maffeis/ I also...
307
Douglas Crockford
douglascrock...
Jul 31, 2009 4:20 pm
The ADsafe verifier now rejects programs that use the arguments pseudo array. The ADsafe verifier now rejects programs that use expressions with the subscript...
308
Douglas Crockford
douglascrock...
Aug 8, 2009 12:15 am
... This produces a bunch from which all text nodes containing only whitespace are removed. I added these bunch methods: .each(func) The function is called for...
309
Tyler Close
tjclose
Aug 16, 2009 6:52 pm
What's the recommended idiom for iterating over the elements of an array? I had been using: for (var i = 0; i !== v.length; i += 1) { var element = v[+i]; ... ...
310
Collin Jackson
collin.jackson@...
Dec 14, 2009 12:50 am
This is an announcement of the call for papers for the fourth in a series of successful workshops on topics related to security and privacy for Web 2.0. This...
311
Larry Koved
larrykoved
Mar 5, 2010 6:25 pm
This is an announcement of the call for papers for the fourth in a series of successful workshops on topics related to security and privacy for Web 2.0. This...
312
Larry Koved
larrykoved
Mar 19, 2010 6:48 pm
A quick reminder... This is an announcement of the call for papers for the fourth in a series of successful workshops on topics related to security and privacy...
313
Mark S. Miller
erights@...
Apr 13, 2010 12:44 am
Call for Papers / Call for Participation: First workshop on Decentralized Coordination of Distributed Processes (DCDP 2010) http://soft.vub.ac.be/events/dcdp ...