On Sun, Jun 13, 2010 at 11:20 AM, Evan Gilbert <uid...@google.com> wrote:
>
>> >> Can you explain the XSS hole from parsing a random JSON string?
>
> Naive processor calls:
>
> var href = document.location.href;
> var jsonBlob = href.substring(href.indexOf('#') + 1, href.length);
> var userData = eval(jsonBlob);
>
> This code would allow executing arbitrary code by sending a user a link,
> which could, for example, steal your cookies on a site.
>
> The fix is just a really complicated RegEx match
I don't agree with this assessment. The fix is to use json2.js from json.org (which does indeed use a really complicated regex) if there is no global JSON object available in the browser. A global JSON object is available in IE8+, Firefox 3.5+, Safari 4.0.x+, and Chrome and Opera (don't have the versions handy).

"Skate to where the puck is going, not to where it is." -- Wayne Gretzky

--
Robert Sayre

"I would have written a shorter letter, but I did not have the time."

_______________________________________________
OAuth mailing list
OAuth@ietf.org
https://www.ietf.org/mailman/listinfo/oauth
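The two shapes discussed in this exchange side by side, as an added example that is not code from either message: the eval() pattern from the quoted snippet, and the JSON.parse pattern the reply recommends (native JSON object where the browser has one, json2.js where it does not). The function names, the `fragmentOf` helper and the sample links are constructed for this illustration; `document.location.href` is replaced by a string argument so the code runs outside a browser.

```javascript
// Added example, not code from the thread: the location-fragment parsing pattern
// quoted above, in its eval() form and in the JSON.parse form the reply recommends.
// All URLs below are constructed sample inputs.

// Extract the text after '#' and percent-decode it (browsers may encode fragment
// characters such as '"' in location.href, so both variants decode the same way).
function fragmentOf(href) {
  const hash = href.indexOf('#');
  if (hash === -1) return null;
  return decodeURIComponent(href.substring(hash + 1));
}

// The vulnerable shape from the quoted message: eval() treats the fragment as
// JavaScript, so any expression in a link a user follows is executed.
function parseFragmentWithEval(href) {
  const fragment = fragmentOf(href);
  return fragment === null ? null : eval(fragment); // unsafe: executes, not parses
}

// The hardened shape: JSON.parse accepts JSON data only. A JavaScript expression is
// a SyntaxError, which is caught and mapped to null instead of being executed.
// Browsers without a global JSON object need json2.js (json.org) loaded first,
// which installs the same JSON.parse API.
function parseFragmentSafely(href) {
  if (typeof JSON !== 'object' || typeof JSON.parse !== 'function') {
    throw new Error('JSON.parse missing: load json2.js before this script');
  }
  try {
    const fragment = fragmentOf(href);  // decodeURIComponent can throw URIError
    if (fragment === null) return null;
    return JSON.parse(fragment);
  } catch (e) {
    return null;                        // malformed encoding or not JSON: reject
  }
}

// Constructed sample links: one carrying real JSON, one carrying an expression.
const DATA_LINK = 'https://app.example/page#' + encodeURIComponent('{"user":"alice","n":1}');
const EXPR_LINK = 'https://app.example/page#' + encodeURIComponent('1+1');

// Side-by-side results for both links; `exprEval` shows that the expression ran.
function compare() {
  return {
    dataSafe: parseFragmentSafely(DATA_LINK),
    exprSafe: parseFragmentSafely(EXPR_LINK),
    exprEval: parseFragmentWithEval(EXPR_LINK),
  };
}

console.log(compare());
```

The point of the comparison is that the "really complicated regex" in json2.js and the native JSON.parse both enforce the same contract: the fragment is data, never code. Rejecting non-JSON with null (or an error the caller handles) is the behaviour the eval() version cannot provide, because eval() has no notion of "not JSON".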