caplet at Yahoo! Groups

CFP: W2SP 2010: Web 2.0 Security and Privacy 2010

Collin Jackson — Mon, 14 Dec 2009 00:50:53 GMT

This is announcement of the call for papers for the fourth in a series of successful workshops on topics related to security and privacy for Web 2.0. This

Re: ADsafe

Tyler Close — Sun, 16 Aug 2009 18:52:04 GMT

What's the recommended idiom for iterating over the elements of an array? I had been using: for (var i = 0; i !== v.length; i += 1) { var element = v[+i]; ...

adsafe.js

Douglas Crockford — Sat, 08 Aug 2009 00:15:56 GMT

... This produces a bunch from which all text nodes containing only whitespace are removed I added these bunch methods: .each(func) The function is called for

ADsafe

Douglas Crockford — Fri, 31 Jul 2009 16:20:39 GMT

The ADsafe verifier now rejects programs that use the arguments pseudo array. The ADsafe verifier now rejects programs that use expressions with the subscript

adsafe.js

Douglas Crockford — Fri, 31 Jul 2009 13:47:46 GMT

I repaired some leakage in the ADsafe Ajax library. Grateful thanks to John Mitchell, Sergio Maffeis, and Ankur Taly. http://www.doc.ic.ac.uk/~maffeis/ I also

Re: [Caja] Re: More undocumented silliness in Firefox/SpiderMonkey

Mike Samuel — Fri, 31 Jul 2009 13:39:27 GMT

We should add tests though to make sure we stay invulnerable to that. 2009/7/29 Mike Stay ... We should add tests though to make sure we

FBJS2 -- The bad news and the good news

marcel.laverdet — Thu, 16 Jul 2009 03:31:38 GMT

Hey I wanted to let you guys know that for now I'm discontinuing research on FBJS2. Basically at this time instead we're focusing on Facebook Connect (external

Re: ADsafe bugs?

Douglas Crockford — Wed, 10 Jun 2009 07:39:40 GMT

... The fault was mine. Please ask Joel to try it again.

ADsafe bugs?

Adam Barth — Tue, 09 Jun 2009 20:56:02 GMT

Hi folks, Joel was playing around with ADsafe today and noticed that the verifier seems to be broken at the moment. For example, this widget passes the

Re: ADsafe banned list

Tyler Close — Mon, 25 May 2009 23:24:36 GMT

... What about stack overflow? ... I did the testing during the caja security review and I believe I got an exploit working in both IE 6 and Firefox 2 on

Re: ADsafe banned list

Brendan Eich — Mon, 25 May 2009 22:38:25 GMT

... I'd like to know too -- you can throw an object that you could return, so that's not it. Is it the ES3 spec bug, not implemented by many browsers, where

Re: ADsafe banned list

Tyler Close — Mon, 25 May 2009 21:57:14 GMT

On Sun, May 24, 2009 at 7:49 AM, Douglas Crockford ... Javascript's catch is also problematic since it enables catching of stack overflow and out of memory

Re: ADsafe banned list

Douglas Crockford — Sun, 24 May 2009 14:50:22 GMT

... I do not understand the value in preventing information leaks here. What is the hazard? I am considering the blocking of try/catch in ADsafe. I am

ADsafe banned list

Douglas Crockford — Sun, 24 May 2009 01:08:09 GMT

I slimmed down the ADsafe banned list. These are the names of members that may not be accessed. This list is now: arguments callee caller constructor eval

Fwd: Techtalk on EcmaScript 5

Mark S. Miller — Wed, 20 May 2009 03:00:17 GMT

... From: Mark S. Miller Date: Tue, May 19, 2009 at 7:52 PM Subject: Techtalk on EcmaScript 5 To: "es5-discuss@..."