Opened 10 years ago
Closed 10 years ago
#13267 closed defect (fixed)
dojox.secure allows untrusted code to execute
| Reported by: | Douglas Hays | Owned by: | Kris Zyp |
|---|---|---|---|
| Priority: | blocker | Milestone: | 1.7 |
| Component: | Dojox | Version: | 1.7.0b1 |
| Keywords: | | Cc: | |
| Blocked By: | | Blocking: | |
Description
Surrounding any evil-doer string with `1/1;` allows the code to be executed.

```javascript
var sandbox = dojox.secure.sandbox(dojo.byId("sandbox"));
var code = "1/1;" + "window.location.href ='http://www.ibm.com';" + "1/1;";
sandbox.evaluate(code);
```
(In [25676]) Remove support for regex to prevent slash-based attacks, fixes #13267 !strict
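The slash trick in the description and the fix in [25676] both come down to how a source validator lexes `/`. The toy validator below is an added illustration, not dojox.secure's code; `FORBIDDEN`, `visibleCode`, `naiveValidate` and `hardenedValidate` are constructed names and the denylist is constructed for the example. The naive form treats a `/` outside a string literal as the start of a regex literal and skips to the closing `/`, so everything in between is never inspected; the hardened form follows the direction of the commit message and simply refuses any `/` outside a string literal.

```javascript
// Added illustration, not dojox.secure's own code: a toy validator with the
// weakness described in this ticket beside a hardened form that drops regex
// literal support. Denylist and helper names are constructed for the example.

const FORBIDDEN = new Set(["window", "document", "location", "eval", "Function"]);

// The reporter's proof of concept from this ticket, reassembled as a string.
const TICKET_PAYLOAD = "1/1;" + "window.location.href ='http://www.ibm.com';" + "1/1;";

// Skip a quoted string starting at src[i]; return the index just past the
// closing quote. Backslash escapes are honoured so "\'" does not end it.
function skipString(src, i) {
  const quote = src[i];
  for (i += 1; i < src.length; i += 1) {
    if (src[i] === "\\") { i += 1; continue; }
    if (src[i] === quote) return i + 1;
  }
  return src.length; // unterminated string: the rest is treated as string
}

// Collect the code the validator considers "visible", i.e. outside string
// literals. allowRegex decides what a '/' outside a string means.
// Returns null when the hardened rule rejects the source outright.
function visibleCode(src, allowRegex) {
  let out = "";
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (c === "'" || c === '"') { i = skipString(src, i); continue; }
    if (c === "/") {
      if (!allowRegex) return null; // hardened: no '/' outside a string, full stop
      // Naive regex-literal rule: assume a regex starts here and skip to the
      // next unescaped '/', so whatever sits in between is never inspected.
      for (i += 1; i < src.length && src[i] !== "/"; i += 1) {
        if (src[i] === "\\") i += 1;
      }
      i += 1;
      continue;
    }
    out += c;
    i += 1;
  }
  return out;
}

// true when the source passes the validator, false when it is rejected.
function validate(src, allowRegex) {
  const visible = visibleCode(src, allowRegex);
  if (visible === null) return false;
  const idents = visible.match(/[A-Za-z_$][\w$]*/g) || [];
  return !idents.some((id) => FORBIDDEN.has(id));
}

const naiveValidate = (src) => validate(src, true);
const hardenedValidate = (src) => validate(src, false);

console.log("naive, bare payload     :", naiveValidate("window.location.href ='http://www.ibm.com';")); // false
console.log("naive, slash-wrapped    :", naiveValidate(TICKET_PAYLOAD));                                // true
console.log("hardened, slash-wrapped :", hardenedValidate(TICKET_PAYLOAD));                             // false
console.log("hardened, slash in str  :", hardenedValidate("var x = 'a/b'; x.length"));                  // true
```

Running the ticket's own payload through both shows the difference: the naive validator rejects the bare `window.location` assignment but accepts the slash-wrapped version, because the forbidden identifiers sit inside what it believes is a regex literal; the hardened validator rejects it at the first slash. The cost is that the hardened toy also rejects plain division such as `4/2` outside strings; whether the actual dojox.secure change is that strict is not stated on this ticket.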