I've been interested in ADsafe for a few months now as a potential way to allow 3rd parts apps to work within a safe sandbox. However, since ADsafe...
321
Mike Samuel
mikesamuel
May 24, 2010 10:00 pm
2010/5/24 adam.kumpf <adam.kumpf@...> ... Caja ( http://code.google.com/p/google-caja/ ) is meant for larger scale apps. It does not currently tame...
322
adam.kumpf
May 26, 2010 4:16 am
... Caja is a great idea, but it has some large fundamental limitations. As I see it, since the code is transformed irreversibly it is significantly harder to...
323
Marcel Laverdet
marcel.laverdet
May 26, 2010 5:09 am
I don't think the transformation has that big of a cost. Debugging isn't that bad since you can debug before transformation, and transformation doesn't affect...
324
Mike Samuel
mikesamuel
May 26, 2010 5:02 pm
2010/5/24 adam.kumpf <adam.kumpf@...> ... ADsafe is a beautiful piece of work and you are right about transformation having downsides. Our strategy thus...
325
adam.kumpf
May 26, 2010 8:11 pm
... Thanks for the additional clarity of the evolving ADsafe/Caja landscape. You and Doug are both on to a fundamental shift in how the web works, and more...
326
Mike Samuel
mikesamuel
May 26, 2010 11:29 pm
2010/5/26 adam.kumpf <adam.kumpf@...> ... Mark (CCed) can correct me if I say anything wrong. ECMA approved EcmaScript 5 which has a strict mode removes...
327
Mark S. Miller
erights@...
May 27, 2010 1:53 am
Caution: I tend to err on the side of too much detail. Apologies in advance. ... We are always very happy to hear when others come think in these terms as ...
328
adam.kumpf
May 28, 2010 12:05 am
Mark and Mike, This is really a great discussion -- thanks for detailing out the current state of ECMA Script 5, SES, and the overall feel of where things are...
329
Douglas Crockford
douglascrock...
May 28, 2010 12:26 pm
... The source is out there, and you are certainly welcome to adapt it. My energies are now focused on repairing ECMAScript and HTML/DOM, ultimately making...
330
Mark S. Miller
erights@...
May 30, 2010 1:14 am
... Hi Adam, we are tracking the ES5 implementations in progress at ...
331
Douglas Crockford
douglascrock...
Aug 7, 2010 9:21 pm
JSLint now enforces the prohibition on _ in string literals in the key position of object literals. Thanks to Joe Politz of Brown....
332
Mark S. Miller
erights@...
Aug 30, 2010 10:12 pm
May crash your browser or page: http://es-lab.googlecode.com/svn/trunk/src/ses/index.html <http://es-lab.googlecode.com/svn/trunk/src/ses/index.html>Sources at...
333
Mark S. Miller
erights@...
Aug 30, 2010 11:39 pm
... Minified and gzipped that is. ... -- Cheers, --MarkM...
334
Ben Laurie
benlaurie2000
Aug 31, 2010 3:57 pm
... FWIW, it didn't crash Chrome 5 on Windows. Hard to know if it worked properly, tho! ... -- http://www.apache-ssl.org/ben.html...
335
Douglas Crockford
douglascrock...
Sep 17, 2010 10:17 pm
ADSAFE.lib now subjects its name parameter to the same rules used generally on properties. Ankur Taly had discovered an attack by using a particular banned...
336
forewer2000
Oct 26, 2010 11:29 am
Hi all, In the adsafe.js I found that the reject_name(name) function is used at three location in this "procedural" form. Ex. at line 1087 : getStyle: function...
337
Douglas Crockford
douglascrock...
Oct 26, 2010 11:47 am
... On some browsers, accessing the constructor style would return a function, which is not desirable, so an exception is raised instead....
338
Nagy Endre
forewer2000
Oct 26, 2010 5:59 pm
I mean calling the reject_name function with a name it returns true or false. For instance if I call reject_name('constructor') than i will get true because ...
339
Douglas Crockford
douglascrock...
Oct 26, 2010 6:00 pm
... Quite right. Thank you very much....
340
Douglas Crockford
douglascrock...
Nov 11, 2010 6:46 pm
I updated the ADsafe DOM interface. Previously, a method like .getValue() could return undefined a single value an array of values depending on the number of...
341
Larry Koved
larrykoved
Jan 18, 2011 10:28 pm
On behalf of the workshop co-chairs and program chair, we would like to invite you participate in the 5th annual workshop on Web 2.0 Security and Privacy....
342
Larry Koved
larrykoved
Mar 11, 2011 2:02 am
Reminder: The submission date is March 25, two weeks from tomorrow. On behalf of the workshop co-chairs and program chair, we would like to invite you...
343
Larry Koved
larrykoved
Mar 19, 2011 2:50 am
Final reminder! Submissions are due next Friday. Thanks. On behalf of the workshop co-chairs and program chair, we would like to invite you participate in the...
344
Douglas Crockford
douglascrock...
Apr 19, 2011 1:38 am
ADsafe took a big usability hit when the Firefox[-6] bug was discovered. ADsafe took the necessary but highly undesirable step of outlawing the use of the []...
345
Freeman, Tim
timothy_free...
Apr 19, 2011 3:08 am
Care to post a citation for the Firefox[-6] bug? Google doesn't do a very good job searching for [-6]. Sounds pretty bizarre, if -1, -3, and -6 are special. ...
... So, fixed in Firefox 3.5 and 3.6 patch releases. Firefox 4 is out already. Is anyone seeing hits from downrev Firefoxes? /be_._,___...
348
Douglas Crockford
douglascrock...
Apr 19, 2011 8:37 pm
... This is the Firefox distribution I see at Yahoo: 4.0 1.60% 3.6 21.78% 3.5 2.99% 3.0 1.93% 2.0 0.39%...
349
Larry Koved
larrykoved
Dec 21, 2011 3:02 am
W2SP 2012 CFP - Web 2.0 Security and Privacy 2012 Workshop Call for Papers On behalf of the workshop co-chairs and program chair, we would like to invite you...
