[cap-talk] JavaScript hacks
Kevin Reid
kpreid at mac.com
Sat Apr 25 15:54:14 EDT 2009
On Apr 25, 2009, at 14:07, Sandro Magi wrote:
> Some interesting JavaScript hacks are discussed on this page:
>
> http://dev.opera.com/articles/view/opera-javascript-for-hackers-1/
>
> Examples such as executing arbitrary code from a regex and using Unicode
> escaped function names, etc. This is certainly relevant in the context
> of Caja.
I took a look and all of it is techniques for defeating blacklists by
obfuscation. None of it applies to systems that parse their input
appropriately and aren't doing the silly thing of "reject dangerous
patterns, otherwise execute this code".
--
Kevin Reid <http://homepage.mac.com/kpreid/>
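
Added example (not part of the original message and not Caja's code): a pattern blacklist next to a check that tokenizes its input, decodes `\uXXXX` identifier escapes, and accepts only allowlisted names. The tiny expression grammar, the `ALLOWED_NAMES` policy, the function names and the sample inputs are assumptions constructed for illustration.

```javascript
// Naive blacklist: reject source that contains a "dangerous" pattern.
function blacklistAllows(src) {
  return !/\b(eval|Function)\b/.test(src);
}

// Hypothetical policy: the only names an expression may mention.
const ALLOWED_NAMES = new Set(["abs", "min", "max"]);

// In JavaScript, \uXXXX inside an identifier denotes the character itself.
function decodeIdentifier(raw) {
  return raw.replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Tokenize a small arithmetic/call grammar; anything outside it is an error.
function tokenize(src) {
  const tokenRe = /\s+|(\d+(?:\.\d+)?)|((?:[A-Za-z_$]|\\u[0-9a-fA-F]{4})(?:[A-Za-z0-9_$]|\\u[0-9a-fA-F]{4})*)|([-+*\/(),])/y;
  const tokens = [];
  let pos = 0;
  while (pos < src.length) {
    tokenRe.lastIndex = pos;
    const m = tokenRe.exec(src);
    if (!m) throw new SyntaxError("unexpected character at offset " + pos);
    if (m[1] !== undefined) tokens.push({ type: "number", value: m[1] });
    else if (m[2] !== undefined) tokens.push({ type: "name", value: decodeIdentifier(m[2]) });
    else if (m[3] !== undefined) tokens.push({ type: "punct", value: m[3] });
    pos = tokenRe.lastIndex; // whitespace matches are skipped
  }
  return tokens;
}

// Accept only input that tokenizes cleanly and uses allowlisted names.
function allowlistAllows(src) {
  try {
    return tokenize(src).every(t => t.type !== "name" || ALLOWED_NAMES.has(t.value));
  } catch (e) {
    return false; // unparseable input is rejected, never passed through
  }
}

// Constructed sample inputs.
const SAMPLES = ["max(1, abs(2))", "eval(1)", "\\u0065val(1)", "'x'"];
for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "blacklist:", blacklistAllows(s), "allowlist:", allowlistAllows(s));
}
```

The escaped spelling passes the blacklist because the pattern is matched against raw text, while the tokenizer compares the decoded name against the policy and rejects everything it does not recognize.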