John Resig - Re-Securing JSON
Back in March/April of this year there was a lot of hub-bub concerning the discovery of a JSON data leak, or sorts. What it boils down to is “JavaScript is incredibly flexible, even to the degree of letting you redefine basic objects, like Array or Object itself.” For example, here’s an exploit that works in Firefox 2, Opera 9, and Safari 3. It goes about redefining the global Array object then ma
Secure String Interpolation
Abstract String Interpolation, the "Hello $name_of_planet!" style of generating strings, familiar to Perl, PHP, and Ruby programmers, provides a simple and intuitive way of specifying content in many languages from HTML to SQL to URLS. It also makes it very easy to introduce serious security problems. SQL Injection, Script Injection, XML External Entity Injection (XXE), and Cross Site Scripting (X
1
リリース、障害情報などのサービスのお知らせ
最新の人気エントリーの配信
処理を実行中です
j次のブックマーク
k前のブックマーク
lあとで読む
eコメント一覧を開く
oページを開く
https://getahead.org/blog/joe/2007/03/05/json_is_not_as_safe_as_people_think_it_is.html
