Opened 8 years ago

Closed 8 years ago

#13267 closed defect (fixed)

dojox.secure allows untrusted code to execute

Reported by: Douglas Hays Owned by: Kris Zyp
Priority: blocker Milestone: 1.7
Component: Dojox Version: 1.7.0b1
Keywords: Cc:
Blocked By: Blocking:

Description

Surrounding any evil-doer string with 1/1; allows the code to be executed.

var sandbox = dojox.secure.sandbox(dojo.byId("sandbox"));
var code = "1/1;"+
        "window.location.href ='http://www.ibm.com';"+
        "1/1;";
sandbox.evaluate(code);

Change History (1)

comment:1 Changed 8 years ago by Kris Zyp

Resolution: fixed
Status: newclosed

(In [25676]) Remove support for regex to prevent slash-based attacks, fixes #13267 !strict

Note: See TracTickets for help on using tickets.