Context Navigation

← Previous Ticket
Next Ticket →

#13267 closed defect (fixed)

dojox.secure allows untrusted code to execute

Reported by:	Douglas Hays	Owned by:	Kris Zyp
Priority:	blocker	Milestone:	1.7
Component:	Dojox	Version:	1.7.0b1
Keywords:		Cc:
Blocked By:		Blocking:

Description

Surrounding any evil-doer string with 1/1; allows the code to be executed.

var sandbox = dojox.secure.sandbox(dojo.byId("sandbox"));
var code = "1/1;"+
        "window.location.href ='http://www.ibm.com';"+
        "1/1;";
sandbox.evaluate(code);

Change History (1)

comment:1 Changed 11 years ago by Kris Zyp

Resolution:	→ fixed
Status:	new → closed

(In [25676]) Remove support for regex to prevent slash-based attacks, fixes #13267 !strict

Note: See TracTickets for help on using tickets.

Download in other formats:

Comma-delimited Text
Tab-delimited Text
RSS Feed