Latest from Neil Mix
- Solve the right problem
- It takes guts to do that
- Please stop whining about App Store review
- Redacted?!?
- iPhone Cool Projects
- WWDC 2009
- Protocol Inheritance in Objective-C
- The Problem of Trust
- nil
- App Store
- Pandora for iPhone version 2.0
- Awards
- Podcast Interview on Mobile Orchard
- Mobile Orchard
- Harmony
- The Ajax Experience
- Overwhelmed
- Programming Language in a Web Page: The Conundrum
- Chess and Politics
- Winter Daze
- Your Facebook Profile Doesn’t *Really* Matter, Does It?
- Projects
- Beyond DOM
- About Me
- Disphoria
FBJS Beta Security Hole #3
Thursday, August 9, 2007Today’s exploit uses the same constructor-climbing technique as yesterday’s exploit, but explores a different avenue of attack: direct DOM access. FBJS does an excellent job of properly scoping objects so that the only access points to the DOM are the ones they provide you. For example, let’s say I grab an
FBJS-wrapped DOM element:
var div = document.getElementById("myElement");
This gets re...
Original article from http://www.neilmix.com/2007/08/08/fbjs-beta-security-hole-3/
Login to read full articles and enjoy our free features for members.
Related articles
feedraider "We Eat Internets" v2.0 a LAMP production by Jussi Vaihia
© 2006-2009 |
about |
blog |
help