[cap-talk] JavaScript hacks

Kevin Reid kpreid at mac.com
Sat Apr 25 15:54:14 EDT 2009


On Apr 25, 2009, at 14:07, Sandro Magi wrote:

> Some interesting JavaScript hacks are discussed on this page:
>
> http://dev.opera.com/articles/view/opera-javascript-for-hackers-1/
>
> Examples such as executing arbitrary code from a regex and using Unicode
> escaped function names, etc. This is certainly relevant in the context
> of Caja.

I took a look and all of it is techniques for defeating blacklists by  
obfuscation. None of it applies to systems that parse their input  
appropriately and aren't doing the silly thing of "reject dangerous  
patterns, otherwise execute this code".

-- 
Kevin Reid                            <http://homepage.mac.com/kpreid/>
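
Added example, not part of Kevin Reid's message and not Caja's code: a pattern blacklist next to a check that reads identifiers the way the language does (decoding `\uXXXX` escapes) and admits only allowlisted names. The function names, the allowlist and the sample inputs are constructed for illustration, and the scanner is a minimal stand-in for a real parser.

```javascript
// Added illustration: names are hypothetical, sample inputs are constructed.
// Pattern blacklist: reject source text that matches a "dangerous" pattern.
function blacklistAllows(src) {
  return !/\beval\b|\bFunction\b/.test(src);
}

// Minimal identifier scanner (not a full JavaScript parser). It decodes
// \uXXXX escapes inside identifiers and skips string and numeric literals,
// so it sees the names the engine would see rather than the raw characters.
function identifiersIn(src) {
  const names = [];
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (c === '"' || c === "'") {                 // skip a string literal
      i++;
      while (i < src.length && src[i] !== c) i += src[i] === "\\" ? 2 : 1;
      i++;
    } else if (/[0-9]/.test(c)) {                 // skip a numeric literal
      while (i < src.length && /[0-9A-Za-z_.]/.test(src[i])) i++;
    } else if (/[A-Za-z_$\\]/.test(c)) {          // start of an identifier
      let name = "";
      while (i < src.length) {
        const m = /^\\u([0-9a-fA-F]{4})/.exec(src.slice(i, i + 6));
        if (m) { name += String.fromCharCode(parseInt(m[1], 16)); i += 6; }
        else if (/[A-Za-z0-9_$]/.test(src[i])) { name += src[i]; i++; }
        else break;
      }
      // A backslash that is not a valid escape is rejected, not guessed at.
      if (name === "") throw new SyntaxError("unexpected character at " + i);
      names.push(name);
    } else {
      i++;
    }
  }
  return names;
}

// Allowlist over parsed names: anything not explicitly permitted, or not
// scannable at all, is refused.
function allowlistAllows(src, allowed) {
  try {
    return identifiersIn(src).every((n) => allowed.has(n));
  } catch (e) {
    return false;
  }
}

const ALLOWED = new Set(["add", "log", "x"]);     // constructed allowlist
const ESCAPED = '\\u0065val("1")';                // source text: \u0065val("1")
console.log(blacklistAllows(ESCAPED), allowlistAllows(ESCAPED, ALLOWED));
```

The blacklist also refuses `log("eval")`, where the word only appears inside a string, while the parsed check accepts it.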



