[whatwg] JSONRequest

On 3/17/06, Gervase Markham <gerv at mozilla.org> wrote:
> Jim Ley wrote:
> > Please can you provide more information on how raw JSON is available
> > from script elements?
>
> Apologies; it was the Array constructor, and I was slightly wrong in the
> details. Here is the exploit:
> http://www.webappsec.org/lists/websecurity/archive/2006-01/msg00087.html

Yeah, only applies to Array, and I'm of the belief this is a Mozilla
security flaw anyway, hopefully it'll be fixed soon.

Thanks for including the URL in the thread too, illustrates exactly
why there are security concerns introduced with this JSONRequest.

Cheers,

Jim.

Received on Friday, 17 March 2006 06:43:02 UTC