Brendan Eich wrote:
> Trevor Jim wrote:
>>> It started out as a hash of something, but it ended up a key. I'll
>>> update my latest slides, which I'll be publishing soon. Thanks,
>>>
>>> /be
>>
>> Nor is it a key, e.g., you are not encrypting anything.
> 
> Touché -- not sure what to call it, other than "id".

It's the key that unlocks the jail ;)

>> An additional problem: as far as I know, attributes are not allowed
>> on end tags.
> 
> Not in XML or SGML, but in my slidewareML ;-).
> 
> The slide was meant to sketch a solution, and the "hash" attribute was 
> intended (I talked to this point, but there are no notes in the PDF, 
> sorry) to defeat the document.write problem.

One solution is to have

<jail key="...">
evil goes here
<endjail key="...">

/ Jonas
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
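
The keyed end marker suggested in the message above, as an added example that is not part of the original thread: a splitter that ends a jail only at an `<endjail>` carrying the same key as its opening tag, so markup emitted by the jailed content itself (the document.write problem) cannot close the jail early. The function names, the hex key format and the fail-closed behaviour are assumptions; `<jail>`/`<endjail>` is the thread's sketch, not an HTML feature.

```javascript
// Added illustration; all names are hypothetical.

// Fresh unguessable key per jail (Web Crypto: browsers, recent Node).
function newJailKey() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, b => b.toString(16).padStart(2, "0")).join("");
}

// Page author side: wrap untrusted markup in a keyed jail.
function wrapInJail(untrusted, key) {
  return `<jail key="${key}">${untrusted}<endjail key="${key}">`;
}

// Parser side: split a page into trusted and jailed parts.
function splitJails(page) {
  const parts = [];
  const open = /<jail key="([0-9a-f]+)">/g;
  let pos = 0, m;
  while ((m = open.exec(page)) !== null) {
    const close = `<endjail key="${m[1]}">`;   // only this exact tag ends the jail
    const bodyStart = open.lastIndex;
    const end = page.indexOf(close, bodyStart);
    // Fail closed: an unterminated jail covers the rest of the page.
    const bodyEnd = end === -1 ? page.length : end;
    if (m.index > pos) parts.push({ trusted: true, text: page.slice(pos, m.index) });
    parts.push({ trusted: false, text: page.slice(bodyStart, bodyEnd) });
    pos = end === -1 ? page.length : end + close.length;
    open.lastIndex = pos;   // skip any <jail> tags injected inside the body
  }
  if (pos < page.length) parts.push({ trusted: true, text: page.slice(pos) });
  return parts;
}

// Constructed sample: jailed content that tries to end the jail itself.
const SAMPLE_KEY = "00112233445566778899aabbccddeeff";
const SAMPLE_EVIL =
  '</jail><endjail key="0000"><jail key="ab">escaped?<endjail key="ab">';
const SAMPLE_PAGE =
  "<p>before</p>" + wrapInJail(SAMPLE_EVIL, SAMPLE_KEY) + "<p>after</p>";
```

The containment holds only while the jailed content cannot learn the key, so the key must be generated per jail and never be readable from inside it.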
