[whatwg] JSONRequest
Gervase Markham
gerv at mozilla.org
Fri Mar 17 06:22:37 PST 2006
Jim Ley wrote:
> I can't reproduce this, in IE and Opera, there's no effect whatsover
> playing with Object constructors, in Mozilla there is however it is
> not called unless you have an expression:
>
> {chicken:true} // doesn't call it.
> donkey={chicken:true} // does call it.
>
> Please can you provide more information on how raw JSON is available
> from script elements?
Apologies; it was the Array constructor, and I was slightly wrong in the
details. Here is the exploit:
http://www.webappsec.org/lists/websecurity/archive/2006-01/msg00087.html
Gerv
More information about the whatwg
mailing list