On 4/3/07, Victor Bogado <[EMAIL PROTECTED]> wrote:
>
> Have you read the link I sent? It is possible to leak information with
> objects on the outside. Sure, it uses this feature that only IE and
> Firefox implement, but the fact is that those two are responsible for 90%
> or more of all users on the internet. The proposed fix is simple enough
> to implement, both on the server side and the client side, and fixes
> both the Array bounded JSON and the object bounded one, so my question
> would be why not implement this?

When the server returns an object, it isn't vulnerable! I've read the
document and tried the exploit. Raw objects *do not parse in
JavaScript* and are therefore invulnerable. This is why JSON is
evaluated with '(' + responseText + ')' rather than just the raw
responseText.

> Fact is that JSON is a security problem, executing the data you
> receive from a server is a bad idea, sure it is easier than XML or
> other types, but this doesn't make it safe. Leaking data is not cool, and
> we all know that web 2.0 is supposed to be the cool kid. :-D

A subset of JSON is a security problem. Don't use that subset.

However, I'm going to go ahead and support comment-wrapped JSON just
so you all will shut up.

-bob
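
The parsing behaviour discussed in this message, as an added example that is not part of the original email or of MochiKit's code: it checks which response bodies are valid as a standalone script and how a client would unwrap comment-wrapped JSON. The function names, the sample bodies and the `/* ... */` wrapper format are assumptions made for illustration.

```javascript
// Added example; parsesAsScript, unwrapCommentJson and the sample bodies
// are hypothetical names and constructed data, not MochiKit APIs.

// True if `text` is syntactically valid as statements, which is what a
// cross-site <script src=...> include of the response would require.
// new Function() only compiles the text (an approximation of script
// parsing); the resulting function is never called.
function parsesAsScript(text) {
  try {
    new Function(text);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Client side of comment-wrapped JSON, assuming the server sends
// "/* <json> */". As a script the body is only a comment, so including
// it does nothing; a same-origin client strips the wrapper and parses
// the payload. JSON.parse is used here instead of eval('(' + text + ')').
function unwrapCommentJson(text) {
  const m = /^\s*\/\*([\s\S]*)\*\/\s*$/.exec(text);
  if (!m) throw new SyntaxError("response is not comment-wrapped");
  return JSON.parse(m[1]);
}

// Constructed sample responses.
const objectBody = '{"user": "alice", "balance": 10}';
const arrayBody = '[{"user": "alice", "balance": 10}]';
const wrappedBody = "/* " + arrayBody + " */";

// Summary of how each body behaves when treated as a script.
function report() {
  return {
    rawObject: parsesAsScript(objectBody),             // "{" opens a block
    parenObject: parsesAsScript("(" + objectBody + ")"), // expression
    rawArray: parsesAsScript(arrayBody),               // array literal
    wrappedArray: parsesAsScript(wrappedBody),         // comment, no effect
  };
}

console.log(report());
console.log(unwrapCommentJson(wrappedBody));
```

A top-level `{` starts a block statement, so the quoted key followed by `:` is a syntax error; the parentheses force the text to be read as an expression, which is why the eval form adds them.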
