[cap-talk] solve CSRF by making references unforgeable, not unshareable

David-Sarah Hopwood david.hopwood at industrial-designers.co.uk
Sat Mar 28 00:17:19 EDT 2009


James A. Donald wrote:
>> On Wed, Mar 25, 2009 at 10:49 AM, Kevin Reid <kpreid at mac.com> wrote:
>>> Indeed. My E-on-JavaScript implementation suffers from the lack of AST
>>> libraries for HTML and JavaScript (though I built a half-baked output-
>>> only system for JS).
> 
>>> Are there existing ones that it would be good to borrow design or tame
>>> implementation of? (DOM need not apply as it uses mutable nodes tied
>>> to a specific Document.)
> 
> Mark Miller wrote:
>> For HTML / XML / DOM, see http://jsonml.org/
> 
> It appears to me that jsonml is exactly as vulnerable to injection
> attacks as sql.
> 
> The server generates jsonml code for the client to execute in the same
> way as it generates sql code for the database to execute.
> 
> Client gives the server some text.  Server munges that text with
> data in its database, sends back some text.

No, the whole point is that the server doesn't munge text; it generates
a JsonML data structure with the intended structure and then encodes
that structure as text. This avoids the injection vulnerabilities that
could occur if it tried to construct the string by concatenation,
without proper quoting.

-- 
David-Sarah Hopwood ⚥
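
The two approaches contrasted in the thread, as an added example that is not part of the original message or of the jsonml.org project: the server either concatenates untrusted text into markup (the SQL-style injection James describes) or builds a JsonML array and emits only its JSON encoding, leaving a client-side renderer to decide what is structure and what is text. The `renderBy…`/`jsonmlToHtml` names, the sample comment and author strings, and the minimal renderer are all constructed for this illustration; a real client would build DOM nodes from the array with `createElement`/`createTextNode` rather than re-serialising to HTML, but the separation of structure from text is the same.

```javascript
// Added example (not from the cap-talk thread or the JsonML project).
// Constructed untrusted input, as a client might submit it.
const UNTRUSTED_COMMENT = '<img src=x onerror="alert(1)"> & "quotes"';
const UNTRUSTED_AUTHOR = 'mallory"><script>alert(2)</script>';

// 1. Injection-prone: the server concatenates text straight into markup,
//    so the input's own '<', '>' and '"' become part of the structure.
function renderByConcatenation(author, comment) {
  return '<div class="comment" data-author="' + author + '">' +
         '<p>' + comment + '</p></div>';
}

// 2. Structure-first: the server builds a JsonML tree and then encodes it.
//    JsonML: ["tag", {attrs}, ...children]; children are strings or arrays.
function buildCommentJsonML(author, comment) {
  return ['div', { class: 'comment', 'data-author': author },
           ['p', comment]];
}

function encodeForWire(jsonml) {
  return JSON.stringify(jsonml);   // the only text the server emits
}

// Client side: decode and render. The renderer, not the server, decides
// what is markup and what is text, so quoting happens exactly once and
// untrusted strings can only ever become text nodes or attribute values.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

const NAME_RE = /^[a-zA-Z][a-zA-Z0-9-]*$/;   // hypothetical allow-list for tag/attribute names

function jsonmlToHtml(node) {
  if (typeof node === 'string') return escapeHtml(node);
  if (!Array.isArray(node) || typeof node[0] !== 'string') {
    throw new TypeError('invalid JsonML node');
  }
  const [tag, ...rest] = node;
  if (!NAME_RE.test(tag)) throw new TypeError('bad tag name: ' + tag);
  let attrs = {};
  if (rest.length && rest[0] !== null && typeof rest[0] === 'object' && !Array.isArray(rest[0])) {
    attrs = rest.shift();
  }
  const attrText = Object.entries(attrs)
    .map(([k, v]) => {
      if (!NAME_RE.test(k)) throw new TypeError('bad attribute name: ' + k);
      return ` ${k}="${escapeHtml(v)}"`;
    })
    .join('');
  return `<${tag}${attrText}>${rest.map(jsonmlToHtml).join('')}</${tag}>`;
}

// Full round trip: server builds + encodes, client decodes + renders.
function renderViaJsonML(author, comment) {
  const wire = encodeForWire(buildCommentJsonML(author, comment));
  return jsonmlToHtml(JSON.parse(wire));
}
```

Running both renderers on the same input shows the difference: the concatenated version contains a live `<script>` element and an injected `onerror` handler, while the JsonML version carries the same characters only as `&lt;script&gt;` inside a text node and as an escaped attribute value. The allow-list on tag and attribute names is a separate, deliberate choice of the renderer; the injection resistance itself comes purely from never treating untrusted strings as markup.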
