[thelist] ajax, javascript libraries - security.

Matt Warden mwarden at gmail.com
Tue Apr 17 07:52:52 CDT 2007


On 4/17/07, trevor <trevor at intospace.ca> wrote:
> Could you please shed some light about this too - the defensive concept to
> include a line of code such as: while(1) at the start of the JSON
> object, in order to throw an "evil observer's" computer into a loop.
> I don't get that. Because -- if the "legitimate" JavaScript knows enough
> to remove that line of code before implementing the object behaviour, then
> what is to stop the "evil observer" from simply inspecting the legitimate
> code, identifying the process to remove the while(1) statement, and then
> adding that removal process to their own "evil" observation code?

Take another read through the paper to understand the exploit better.
The exploit involves using a script tag to pull the JSON into the page
context of a malicious site. There is no opportunity to parse the
JavaScript that results. As such, surrounding the JSON with /* and */
or adding a while(1); before the definition of the JSON would both
defeat the exploit.

Matt Warden
Cleveland, OH, USA

This email proudly and graciously contributes to entropy.
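The defence Matt describes, as an added example (not code from the thread or the paper): the server prefixes the JSON body with `while(1);` or wraps it in `/* */`; a same-origin client that receives the body as text can strip the guard and parse, whereas a cross-site `<script src>` never sees the text, it only executes it. The helper names (`wrapJson`, `unwrapJson`, `executeAsScript`) and the sample object are assumptions made for this illustration.

```javascript
// Guard prefix emitted by the server in front of every JSON response.
const GUARD_PREFIX = "while(1);";

// Server side: serialise the object and prepend the guard. Loaded as a
// script from another origin, the engine hits the infinite loop before
// the object literal is ever evaluated.
function wrapJson(obj) {
  return GUARD_PREFIX + JSON.stringify(obj);
}

// Legitimate client: it fetched the body as *text* (same-origin XHR), so
// it can check for the guard, remove it and parse the remainder.
function unwrapJson(text) {
  if (!text.startsWith(GUARD_PREFIX)) {
    throw new Error("missing JSON guard prefix");
  }
  return JSON.parse(text.slice(GUARD_PREFIX.length));
}

// Comment-wrapping variant: as a script the whole body is a comment and
// evaluates to nothing; as text the client strips the delimiters.
function wrapJsonComment(obj) {
  return "/*" + JSON.stringify(obj) + "*/";
}

function unwrapJsonComment(text) {
  if (!text.startsWith("/*") || !text.endsWith("*/")) {
    throw new Error("missing comment guard");
  }
  return JSON.parse(text.slice(2, -2));
}

// Constructed simulation of what a <script src> tag does with the body:
// run it as a program with no access to its source text. The comment
// form yields nothing. (The while(1) form is not run here: it never
// returns, which is exactly the point.)
function executeAsScript(body) {
  return new Function(body)();
}

// Constructed sample round trip.
const sample = { user: "alice", balance: 42 };
console.log(wrapJson(sample));                         // while(1);{"user":"alice","balance":42}
console.log(unwrapJson(wrapJson(sample)));             // { user: 'alice', balance: 42 }
console.log(executeAsScript(wrapJsonComment(sample))); // undefined
```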
