Reminder: One week until the workshop. Web 2.0 Security & Privacy 2009 Claremont Resort in Oakland, California May 21, 2009 http://w2spconf.com/2009/ The goal...
296
Mark S. Miller
erights@...
May 20, 2009 3:00 am
... From: Mark S. Miller <erights@...> Date: Tue, May 19, 2009 at 7:52 PM Subject: Techtalk on EcmaScript 5 To: "es5-discuss@..."...
297
Douglas Crockford
douglascrock...
May 24, 2009 1:08 am
I slimmed down the ADsafe banned list. These are the names of members that may not be accessed. This list is now: arguments callee caller constructor eval ...
298
Douglas Crockford
douglascrock...
May 24, 2009 2:50 pm
... I do not understand the value in preventing information leaks here. What is the hazard? I am considering the blocking of try/catch in ADsafe. I am...
299
Tyler Close
tjclose
May 25, 2009 9:57 pm
On Sun, May 24, 2009 at 7:49 AM, Douglas Crockford ... Javascript's catch is also problematic since it enables catching of stack overflow and out of memory...
300
Brendan Eich
brendaneich
May 25, 2009 10:38 pm
... I'd like to know too -- you can throw an object that you could return, so that's not it. Is it the ES3 spec bug, not implemented by many browsers, where...
301
Tyler Close
tjclose
May 25, 2009 11:24 pm
... What about stack overflow? ... I did the testing during the caja security review and I believe I got an exploit working in both IE 6 and Firefox 2 on...
302
Adam Barth
hk9565
Jun 9, 2009 8:56 pm
Hi folks, Joel was playing around with ADsafe today and noticed that the verifier seems to be broken at the moment. For example, this widget passes the...
303
Douglas Crockford
douglascrock...
Jun 10, 2009 7:39 am
... The fault was mine. Please ask Joel to try it again....
304
marcel.laverdet
Jul 16, 2009 3:31 am
Hey I wanted to let you guys know that for now I'm discontinuing research on FBJS2. Basically at this time instead we're focusing on Facebook Connect (external...
305
Mike Samuel
mikesamuel
Jul 31, 2009 1:39 pm
We should add tests though to make sure we stay invulnerable to that. 2009/7/29 Mike Stay <metaweta@...> ... We should add tests though to make sure we...
306
Douglas Crockford
douglascrock...
Jul 31, 2009 1:47 pm
I repaired some leakage in the ADsafe Ajax library. Grateful thanks to John Mitchell, Sergio Maffeis, and Ankur Taly. http://www.doc.ic.ac.uk/~maffeis/ I also...
307
Douglas Crockford
douglascrock...
Jul 31, 2009 4:20 pm
The ADsafe verifier now rejects programs that use the arguments pseudo array. The ADsafe verifier now rejects programs that use expressions with the subscript...
308
Douglas Crockford
douglascrock...
Aug 8, 2009 12:15 am
... This produces a bunch from which all text nodes containing only whitespace are removed I added these bunch methods: .each(func) The function is called for...
309
Tyler Close
tjclose
Aug 16, 2009 6:52 pm
What's the recommended idiom for iterating over the elements of an array? I had been using: for (var i = 0; i !== v.length; i += 1) { var element = v[+i]; ... ...
310
Collin Jackson
collin.jackson@...
Dec 14, 2009 12:50 am
This is announcement of the call for papers for the fourth in a series of successful workshops on topics related to security and privacy for Web 2.0. This...
311
Larry Koved
larrykoved
Mar 5, 2010 6:25 pm
This is announcement of the call for papers for the fourth in a series of successful workshops on topics related to security and privacy for Web 2.0. This...
312
Larry Koved
larrykoved
Mar 19, 2010 6:48 pm
A quick reminder... This is announcement of the call for papers for the fourth in a series of successful workshops on topics related to security and privacy...
313
Mark S. Miller
erights@...
Apr 13, 2010 12:44 am
Call for Papers / Call for Participation: First workshop on Decentralized Coordination of Distributed Processes (DCDP 2010) http://soft.vub.ac.be/events/dcdp ...
314
Douglas Crockford
douglascrock...
May 10, 2010 8:24 pm
I added a getContext method. It makes it possible to draw on a <canvas>. I am now logging all errors to ADSAFE.log as a convenience for developers....
315
adam.kumpf
May 10, 2010 9:09 pm
... <canvas>. ... developers. ... Thanks Doug -- it's great that you are so responsive! One word of caution, though. From the returned...
316
adam.kumpf
May 10, 2010 10:17 pm
... Something like this seems to do it (i.e., copy the context, but don't include the canvas element). Although the returned type is no longer a...
317
adam.kumpf
May 10, 2010 10:57 pm
... CanvasRenderingContext2D ... dangerous!! ... include the canvas element). Although the returned type is no longer a CanvasRenderingContext2D. Trying to...
318
douglascrockford
douglascrock...
May 11, 2010 12:03 am
I have removed the getContext method....
319
Larry Koved
larrykoved
May 11, 2010 9:27 pm
A final reminder... W2SP 2010: Web 2.0 Security and Privacy 2010 Thursday, May 20 The Claremont Resort, Oakland, California Web site: http://w2spconf.com/2010 ...
320
adam.kumpf
May 24, 2010 6:59 pm
I've been interested in ADsafe for a few months now as a potential way to allow 3rd parts apps to work within a safe sandbox. However, since ADsafe...
321
Mike Samuel
mikesamuel
May 24, 2010 10:00 pm
2010/5/24 adam.kumpf <adam.kumpf@...> ... Caja ( http://code.google.com/p/google-caja/ ) is meant for larger scale apps. It does not currently tame...
322
adam.kumpf
May 26, 2010 4:16 am
... Caja is a great idea, but it has some large fundamental limitations. As I see it, since the code is transformed irreversibly it is significantly harder to...
323
Marcel Laverdet
marcel.laverdet
May 26, 2010 5:09 am
I don't think the transformation has that big of a cost. Debugging isn't that bad since you can debug before transformation, and transformation doesn't affect...
324
Mike Samuel
mikesamuel
May 26, 2010 5:02 pm
2010/5/24 adam.kumpf <adam.kumpf@...> ... ADsafe is a beautiful piece of work and you are right about transformation having downsides. Our strategy thus...
