I decided to convert MentalJS to PHP so that the parsing can happen server side and maybe even later on allow JavaScript execution inside PHP. I found PHP really slow and has poor support for creating parsers. As an example I found that parsing jQuery in php was around 3.6-4 seconds whereas JavaScript was 100ms, […]

This is a pretty awesome x-domain I found and reported to Opera. It should be fixed in the latest version. Opera was leaking more properties than it should on a x-domain location but the flaw was interesting because Opera prevented access to functions like alert etc so it wasn’t directly exploitable however by using literal […]

I’ve been on a mission to create a reliable JavaScript sandbox. I started off writing one with regular expressions which was flawed because of the inability to match whole expressions and matching characters. That sandbox was called JSReg, it was broken by the very best js hackers (Alexey Silin, Jonas Magazinius, Mario Heiderich, Eduardo Vela, […]