Keep It Simple, Stupid
{ 2008 01 02 }
FBJS really did the right simple thing to put JavaScript into sandbox, and here’s my raw prototype:
Peter Goodman | 02-Jan-08 at 10:05 pm | Permalink
It seems to screw up on:
eval("alert('hello world');");
producing:
SANDBOX_eval("alert('SANDBOX_hello SANDBOX_world');");
Also, it fails to stop the following possible exploit (for IE):
//@cc_on eval("alert('hello world');")
Otherwise, very cool!
hedgerwang | 03-Jan-08 at 11:53 am | Permalink
Thanks, it’s fixed now
Peter Goodman | 03-Jan-08 at 4:59 pm | Permalink
I have found another hole:
("".prototype = function() {
this["eval"]("alert('hello world.')");
})();
Unless of course, when it displays the around a string that means something. Also, if a normal variable ‘prototype’ is used, it is not filtered.
Peter Goodman | 03-Jan-08 at 5:17 pm | Permalink
Here is a less convoluted example:
(function(){
// ‘this’ is the window object
alert(this);
})();
hedger | 03-Jan-08 at 7:15 pm | Permalink
Thanks, Peter. I had written my code, and your code should be handled correctly now.
Please keep me posted if you find any malicious code.
:-D
Peter Goodman | 14-Jan-08 at 8:46 pm | Permalink
There seems to be a problem when dealing with inline regular expressions where it treats everything with / and / as normal variables.
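
The holes reported in this thread (string contents rewritten, //@cc_on comments passed through, bare this reaching the window object, regex literals treated as variables) all come from prefixing identifiers without lexing the source first. The code below is an added example, not hedger's prototype and not FBJS code: sandboxRewrite and the SANDBOX_ref runtime guard are hypothetical names, and the regex-versus-division decision is a heuristic based on the previous token. It assumes input without object-literal keys and without a '/' inside a regex character class.

```javascript
// Added example; sandboxRewrite and SANDBOX_ref are hypothetical names.
const KEYWORDS = new Set(('var function return if else for while do new typeof in ' +
  'true false null break continue switch case default throw try catch finally ' +
  'delete instanceof void').split(' '));

function sandboxRewrite(src, prefix = 'SANDBOX_') {
  let out = '', prev = '', i = 0;   // prev: last significant char, used to classify '/'
  // Copy a string or /regex/ literal verbatim, honouring backslash escapes.
  const copyLiteral = (close) => {
    let j = i + 1;
    while (j < src.length && src[j] !== close) j += src[j] === '\\' ? 2 : 1;
    if (close === '/') while (/[a-z]/i.test(src[j + 1] || '')) j++;  // regex flags
    out += src.slice(i, j + 1);
    i = j + 1;
    prev = close === '/' ? ')' : '"';   // a literal is a value, so a following '/' divides
  };
  while (i < src.length) {
    const c = src[i], next = src[i + 1];
    if (c === '/' && next === '/') {          // line comment: dropped, so //@cc_on never ships
      while (i < src.length && src[i] !== '\n') i++;
    } else if (c === '/' && next === '*') {   // block comment: dropped as well
      const end = src.indexOf('*/', i + 2);
      i = end < 0 ? src.length : end + 2;
    } else if (c === '"' || c === "'") {
      copyLiteral(c);
    } else if (c === '/' && !/[\w$)\]"]/.test(prev)) {
      copyLiteral('/');                       // heuristic: '/' after an operator opens a regex
    } else if (/[\w$]/.test(c)) {
      const word = /^[\w$]+/.exec(src.slice(i))[0];
      const keyword = KEYWORDS.has(word);
      if (prev === '.' || keyword || /\d/.test(c)) out += word;  // member, keyword, number
      else if (word === 'this') out += prefix + 'ref(this)';     // runtime guard (assumed)
      else out += prefix + word;
      i += word.length;
      prev = keyword ? '(' : 'a';
    } else {
      out += c;
      if (!/\s/.test(c)) prev = c;
      i++;
    }
  }
  return out;
}
```

The SANDBOX_ref guard is assumed to be supplied by the sandbox runtime and to return a harmless object whenever its argument is the global object.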