[whatwg] JSONRequest

Gervase Markham gerv at mozilla.org
Fri Mar 17 06:22:37 PST 2006

Previous message: [whatwg] JSONRequest
Next message: [whatwg] JSONRequest
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jim Ley wrote:
> I can't reproduce this, in IE and Opera, there's no effect whatsover
> playing with Object constructors, in Mozilla there is however it is
> not called unless you have an expression:
> 
> {chicken:true} // doesn't call it.
> donkey={chicken:true} // does call it.
> 
> Please can you provide more information on how raw JSON is available
> from script elements?

Apologies; it was the Array constructor, and I was slightly wrong in the
details. Here is the exploit:
http://www.webappsec.org/lists/websecurity/archive/2006-01/msg00087.html

Gerv

Previous message: [whatwg] JSONRequest
Next message: [whatwg] JSONRequest
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the whatwg mailing list