kpreid at mac.com
Sat Apr 25 15:54:14 EDT 2009
On Apr 25, 2009, at 14:07, Sandro Magi wrote:
> Example such as executing arbitrary code from a regex and using
> escaped function names, etc. This is certainly relevant in the context
> of Caja.
I took a look and all of it is techniques for defeating blacklists by
obfuscation. None of it applies to systems that parse their input
appropriately and aren't doing the silly thing of "reject dangerous
patterns, otherwise execute this code".
Kevin Reid <http://homepage.mac.com/kpreid/>
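
An added illustration of the distinction drawn in the message above, not code from the original post or from Caja: a pattern blacklist placed beside a parser that accepts only a fixed grammar. The arithmetic grammar, the blacklist entries, the sample inputs and all function names are assumptions made for the example.

```javascript
// Constructed example; grammar, names and sample inputs are assumptions.
const BLACKLIST = /\b(eval|Function|constructor)\b/;
// Blacklist approach: reject known-dangerous patterns, accept everything else.
const blacklistAccepts = (src) => !BLACKLIST.test(src);

// Parsing approach: input that is not a token of the grammar is an error.
function tokenize(src) {
  const re = /\s*(\d+(?:\.\d+)?|[-+*/()])\s*/y;
  const tokens = [];
  while (re.lastIndex < src.length) {
    const at = re.lastIndex;
    const m = re.exec(src);
    if (!m) throw new SyntaxError(`input outside the grammar at offset ${at}`);
    tokens.push(m[1]);
  }
  return tokens;
}
// expr := term (('+'|'-') term)*; term := factor (('*'|'/') factor)*
// factor := NUMBER | '-' factor | '(' expr ')'
function evaluate(src) {
  const tokens = tokenize(src);
  let i = 0;
  function factor() {
    const t = tokens[i++];
    if (t === undefined) throw new SyntaxError("unexpected end of input");
    if (/^\d/.test(t)) return Number(t);
    if (t === "-") return -factor();
    if (t !== "(") throw new SyntaxError(`unexpected token ${t}`);
    const v = expr();
    if (tokens[i++] !== ")") throw new SyntaxError("expected ')'");
    return v;
  }
  function term() {
    let v = factor();
    while (tokens[i] === "*" || tokens[i] === "/")
      v = tokens[i++] === "*" ? v * factor() : v / factor();
    return v;
  }
  function expr() {
    let v = term();
    while (tokens[i] === "+" || tokens[i] === "-")
      v = tokens[i++] === "+" ? v + term() : v - term();
    return v;
  }
  const result = expr();
  if (i !== tokens.length) throw new SyntaxError("trailing input");
  return result;
}
const parserAccepts = (src) => { try { evaluate(src); return true; } catch { return false; } };
// Constructed inputs: one valid expression, one plain name, two disguised spellings.
const SAMPLES = ["2 * (3 + 4)", "eval('1')", "\\u0065val('1')", "this['ev' + 'al']('1')"];
for (const s of SAMPLES) console.log(s, blacklistAccepts(s), parserAccepts(s));
```

The blacklist passes both disguised spellings because it only knows the spellings it lists, while the parser never needs to recognise them: nothing outside its grammar reaches evaluation.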