Latest from Neil Mix
- Redacted?!?
- iPhone Cool Projects
- WWDC 2009
- Protocol Inheritance in Objective-C
- The Problem of Trust
- nil
- App Store
- Pandora for iPhone version 2.0
- Awards
- Podcast Interview on Mobile Orchard
- Mobile Orchard
- Harmony
- The Ajax Experience
- Overwhelmed
- Programming Language in a Web Page: The Conundrum
- Chess and Politics
- Winter Daze
- Your Facebook Profile Doesn’t *Really* Matter, Does It?
- Projects
- Beyond DOM
- About Me
- Disphoria
- Generators and Erlang Processes
- The Auto-Update Problem
- You Want Me To Do What?
Facebook Security Hole #2
Wednesday, August 8, 2007When sandboxing JavaScript code, it is crucial that FBJS prevents the execution of arbitrary, unparsed code. The problem is that JavaScript provides many ways to do that. Between eval(), new Function(), or even setTimeout() (as we saw in my last post) there are many ways for a hacker to dynamically inject arbitrary code in the JavaScript language.
The way Facebook prevents access to these code-i...
Original article from http://www.neilmix.com/2007/08/07/facebook-security-hole-2/
Login to read full articles and enjoy our free features for members.
Related articles
feedraider "We Eat Internets" v2.0 a LAMP production by Jussi Vaihia
© 2006-2009 |
about |
blog |
help