Opened 11 years ago

Closed 10 years ago

Last modified 10 years ago

#9231 closed defect (fixed)

dojox.secure.capability.validate() gets fooled by long JSON strings

Reported by: enzo Owned by: Kris Zyp
Priority: high Milestone: 1.4
Component: Dojox Version: 1.3.0
Keywords: Cc: enzo
Blocked By: Blocking:

Description

As shown by the attached testcase, dojox.secure.capability.validate() correctly catches a sneaky attempt to execute a function (alert()) when dojo.fromJson() is executed, but fails to detect the same pattern in a longer JSON string: and alert() gets duly executed (in FF3, MSIE7 and Google Chrome). The defect exists from at least Dojo 1.2.3, and is still present in the Nightly Build of 2009-04-30.

Attachments (1)

testJSONvalid.html (1.0 KB) - added by enzo 11 years ago.
Testcase for bug in dojox.secure.capability.validate()

Download all attachments as: .zip

Change History (4)

Changed 11 years ago by enzo

Attachment: testJSONvalid.html added

Testcase for bug in dojox.secure.capability.validate()

comment:1 Changed 11 years ago by Adam Peller

Owner: changed from Adam Peller to Kris Zyp

comment:2 Changed 10 years ago by Kris Zyp

Resolution: fixed
Status: newclosed

(In [18474]) Fixes internal references to double digit block numbers, fixes #9231

comment:3 Changed 10 years ago by Adam Peller

Milestone: tbd1.4
Note: See TracTickets for help on using tickets.