@@toStringTag spoofing for null and undefined

Mark S. Miller erights at google.com
Fri Mar 13 22:01:27 UTC 2015

Just wanted to let everyone know that Caja is no longer vulnerable to
browsers implementing the new simpler @@toStringTag spec, so there is no
longer any need to wait for us. Thanks!

This spec change was one of several issues dealt with by our latest
release. If you're curious about these, see the Caja security advisory at
<https://code.google.com/p/google-caja/wiki/SecurityAdvisory20150313>. Enjoy!
