[cap-talk] solve CSRF by making references unforgeable, not unshareable
Kevin Reid
kpreid at mac.com
Wed Mar 25 13:49:55 EDT 2009
On Mar 25, 2009, at 12:41, David-Sarah Hopwood wrote:
> SQL injection (and injection attacks in general for any language) can
> be solved by ensuring that the structure of the query as parsed is the
> structure intended by the programmer. The easiest and simplest way to
> do this is for the query API to represent a query as an abstract syntax
> tree, not a string.
Indeed. My E-on-JavaScript implementation suffers from the lack of AST
libraries for HTML and JavaScript (though I built a half-baked
output-only system for JS).
Are there existing ones that it would be good to borrow design or tame
implementation of? (DOM need not apply as it uses mutable nodes tied
to a specific Document.)
--
Kevin Reid <http://homepage.mac.com/kpreid/>
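The quoted point above, that injection disappears once the query is built as a tree rather than a string, as an added JavaScript example; this is not code from the cap-talk thread or from E-on-JavaScript. A small query AST (Select, Column, Compare, And, Literal) renders to parameterized SQL: every Literal becomes a bound parameter, identifiers are validated against a plain-identifier pattern and quoted, and operators come from a fixed set, so the SQL text depends only on the node types the programmer composed. The `findAdultsByName` lookup, the `users` table and its columns are assumptions made for the illustration.

```javascript
// Added example (not from the cap-talk thread or E-on-JavaScript): a tiny
// query AST that renders to parameterized SQL. Query structure comes only
// from the node types the programmer composed; user input can only ever
// become a bound parameter, so the query as parsed is the one intended.

const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;          // shape of a bare identifier
const OPS = new Set(['=', '<>', '<', '>', '<=', '>=', 'LIKE']);

function ident(name) {
  // Identifiers cannot be bound as parameters, so they are validated and
  // quoted rather than interpolated. Anything that is not a plain
  // identifier is rejected instead of being smuggled into the SQL text.
  if (typeof name !== 'string' || !IDENT.test(name)) {
    throw new TypeError(`invalid identifier: ${JSON.stringify(name)}`);
  }
  return `"${name}"`;
}

class Literal { constructor(value) { this.value = value; } }
class Column  { constructor(name) { this.quoted = ident(name); } }
class Compare {
  constructor(op, left, right) {
    if (!OPS.has(op)) throw new TypeError(`unsupported operator: ${op}`);
    Object.assign(this, { op, left, right });
  }
}
class And { constructor(...terms) { this.terms = terms; } }
class Select {
  constructor(columns, table, where) {
    Object.assign(this, { columns, table: ident(table), where });
  }
}

// render: AST -> SQL text, pushing each literal value onto `params`
// and emitting a placeholder in its place.
function render(node, params) {
  if (node instanceof Literal) { params.push(node.value); return '?'; }
  if (node instanceof Column)  return node.quoted;
  if (node instanceof Compare) {
    return `${render(node.left, params)} ${node.op} ${render(node.right, params)}`;
  }
  if (node instanceof And) {
    return '(' + node.terms.map(t => render(t, params)).join(' AND ') + ')';
  }
  throw new TypeError('unknown AST node');
}

// compile: Select -> { sql, params } ready for a driver's prepared-statement call.
function compile(select) {
  const params = [];
  const cols = select.columns.map(c => render(c, params)).join(', ');
  let sql = `SELECT ${cols} FROM ${select.table}`;
  if (select.where) sql += ` WHERE ${render(select.where, params)}`;
  return { sql, params };
}

// Hypothetical lookup (assumed table and columns): `name` comes straight
// from a request, the age bound is fixed by the programmer. Both end up
// as parameters, never as SQL text.
function findAdultsByName(name) {
  return compile(new Select(
    [new Column('id'), new Column('email')],
    'users',
    new And(
      new Compare('=', new Column('name'), new Literal(name)),
      new Compare('>', new Column('age'), new Literal(18)),
    ),
  ));
}

if (typeof require !== 'undefined' && require.main === module) {
  const hostile = "' OR '1'='1";                  // constructed attacker input
  console.log(findAdultsByName('alice'));
  console.log(findAdultsByName(hostile));
  // The SQL text is identical for both calls; only params differ.
  try { new Column('name; DROP TABLE users'); } catch (e) { console.log(e.message); }
}
```

The property worth checking is that `findAdultsByName('alice').sql` and `findAdultsByName("' OR '1'='1").sql` are the same string: the attacker's input has nowhere to go but the parameter list. The DOM objection in the message applies here too, since these nodes are plain immutable values with no tie to a connection or document.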