Cart
[Home] [By Thread] [By Date] [Recent Entries]
Nathan Young -X (natyoung - Artizen at Cisco) wrote: > JS (including JSON) can be included in the page using the script tag or > a DOM equivalent created via JS in the page. The source from which the > script tag pulls a file full of JS source code can point to any server. Can this URL be dynamically created at runtime using more JavaScript? > The fact that your page can easily get JS from untrusted sources but not > XmlHttp content is bizzare as far as I'm concerned. Changing browser > policies to tighten the restrictions on the scrip tag is unlikely to > happen. > I'm not quite sure if it's possible, but I'm really tempted to write a proof of concept exploit that base64 encodes XML, stuffs it in JSON, downloads it with JSON, and then deencodes it and passes it to an XML parser for parsing. Is there anyway to simply load arbitrary binary or text content from an arbitrary network connection in JavaScript? For instance, by setting an iframe URL to point to it and then grabbing it? If so, I could avoid the need to preencode the XML in JSON completely. :-) -- Elliotte Rusty Harold elharo@m... Java I/O 2nd Edition Just Published! http://www.cafeaulait.org/books/javaio2/ http://www.amazon.com/exec/obidos/ISBN=0596527500/ref=nosim/cafeaulaitA/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] |
