W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2006

[whatwg] JSONRequest

From: Jim Ley <jim.ley@gmail.com>
Date: Fri, 17 Mar 2006 14:43:02 +0000
Message-ID: <851c8d310603170643p53772fa4rcbcbabb75a1f2c17@mail.gmail.com>
On 3/17/06, Gervase Markham <gerv at mozilla.org> wrote:
> Jim Ley wrote:
> > Please can you provide more information on how raw JSON is available
> > from script elements?
>
> Apologies; it was the Array constructor, and I was slightly wrong in the
> details. Here is the exploit:
> http://www.webappsec.org/lists/websecurity/archive/2006-01/msg00087.html

Yeah, only applies to Array, and I'm of the belief this is a Mozilla
security flaw anyway, hopefully it'll be fixed soon.

Thanks for including the URL in the thread too, illustrates exactly
why there are security concerns introduced with this JSONRequest.

Cheers,

Jim.
Received on Friday, 17 March 2006 06:43:02 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:58:45 UTC