[whatwg] JSONRequest
Jim Ley
jim.ley at gmail.com
Fri Mar 17 06:43:02 PST 2006
On 3/17/06, Gervase Markham <gerv at mozilla.org> wrote:
> Jim Ley wrote:
> > Please can you provide more information on how raw JSON is available
> > from script elements?
>
> Apologies; it was the Array constructor, and I was slightly wrong in the
> details. Here is the exploit:
> http://www.webappsec.org/lists/websecurity/archive/2006-01/msg00087.html
Yeah, only applies to Array, and I'm of the belief this is a Mozilla
security flaw anyway, hopefully it'll be fixed soon.
Thanks for including the URL in the thread too, illustrates exactly
why there are security concerns introduced with this JSONRequest.
Cheers,
Jim.
More information about the whatwg
mailing list