[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla

From: Daniel Veditz <dveditz@xxxxxxxxxx>
Subject: Re: [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla
Date: Thu, 30 Aug 2007 09:41:33 -0700

Opera folks are already participating in discussions about this issue (e.g.
http://wiki.ecmascript.org/doku.php?id=clarification:which_prototype), and
the link in my follow-up mail showed Mozilla has proposed clarifying the
spec to match everyone else's behavior (and then we'll change Mozilla).

Billy Hoffman wrote:
> So do you want to email Opera telling them their aren't standards
> compliance and thus bring about the end of the world? Or you I? :-)
> 
> Billy
> 
> -----Original Message-----
> From: Daniel Veditz [mailto:dveditz@xxxxxxxxxx]
> 
> The ECMA 262 Edition 3 spec says to
> 
> 11.1.4.1. Create a new array as if by the expression |new Array()|.
> 11.1.5.1. Create a new object as if by the expression |new Object()|.

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

References:
- [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla
  - From: Billy Hoffman
- Re: [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla
  - From: Daniel Veditz
- RE: [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla
  - From: Billy Hoffman

Prev by Date: RE: [WEB SECURITY] How to detect XSS in an automated fashion
Next by Date: Re: [WEB SECURITY] How to detect XSS in an automated fashion
Previous by thread: RE: [WEB SECURITY] Why JSON/JavaScript hijacking only works on Mozilla
Next by thread: [WEB SECURITY] HTTP Proxy for thick clients
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site