- From: Gervase Markham <gerv@mozilla.org>
- Date: Fri, 17 Mar 2006 14:22:37 +0000

Jim Ley wrote:
> I can't reproduce this, in IE and Opera, there's no effect whatsoever
> playing with Object constructors, in Mozilla there is however it is
> not called unless you have an expression:
>
> {chicken:true} // doesn't call it.
> donkey={chicken:true} // does call it.
>
> Please can you provide more information on how raw JSON is available
> from script elements?

Apologies; it was the Array constructor, and I was slightly wrong in the details. Here is the exploit:

http://www.webappsec.org/lists/websecurity/archive/2006-01/msg00087.html

Gerv

Received on Friday, 17 March 2006 06:22:37 UTC