ES5 has decided for whatever reason to treat \u2028 and \u2029 (line/paragraph separators) as a new line in JavaScript this makes it in-line with regex “\s” character class. The JSON specification (to my knowledge) wasn’t changed. So although it mentions escaping characters within strings it isn’t a requirement. This means we’re left with \u2028 and […]
Archives for the ‘Security’ Category
JSReg down but not out
Thursday, 14 July 2011
A few months ago some very talented people called Jonas Magazinius aka @internot_ and Alexey Silin aka @lever_one broke JSReg. Maybe broke is the wrong word obliterated is more accurate. This was very humbling for me, I knew it wasn’t perfect this is why I tried to tempt them to break it by stating it […]
JSON Hijacking
Monday, 30 May 2011
There isn’t a lot of information about JSON hijacking out there at the minute, I will aim to provide a “news update” on the state of publicly known techniques. First off I will give a quick overview of how JSON data can be stolen and explain how JavaScript reads JSON. JavaScript’s quirky nature There is […]
Opera parser monster eats unicode
Thursday, 7 April 2011
Whilst writing my own parser I found weird things in Opera’s JavaScript parser. I was testing what the various browsers allowed with unicode escapes and it turns out Opera seems more lax than others. My discovery began with the following code: try {eval(“\\u0066\\u0061\\u006c\\u0073\\u0065”);} catch(e) {alert(e);} What do you expect the undefined variable to be? It’s […]
DOM sandboxing talk
Friday, 25 March 2011
I did a talk in Leeds about DOM sandboxing with regular expressions, it went ok. I’m not the best speaker to be honest but with a bit more practice I’ll get there. Here are the slides:- PDF version Powerpoint slides
Blog fight round two
Monday, 21 March 2011
Thanks Pádraic So I hope you’ve enjoyed our blog fight between me and Pádraic Brady. I sense a lack of a sense if humour in his last post 🙁 his blanket claims that regex html validation sucks were obviously unjustified. Anyway I was waiting for a cool XSS hole in HTMLReg from him, it never […]
Regex HTML Sanitisation can work
Friday, 18 March 2011
Dear Pádraic Brady, I have not received any emails with any exploits, I am disappointed I want my HTML regex sanitiser to be broken please. Apparently you can find 2-5 vulnerabilities per solution so please execute XSS in my regex. Thanks! I’ll be very impressed if you do and I will promise to dedicate a […]
Hackvertor supports 0Auth
Monday, 14 March 2011
I’ve finally added Twitter 0Auth support in Hackvertor, you can now login via Twitter to save you from remembering yet another set of creds. I plan to use the twitter features to enable realtime sharing of HVURLs and interface, maybe games and challenges too eventually. All points are reset 🙁 but if you login and […]
How do you spell JavaScript again?
Wednesday, 23 February 2011
So I came across a cool post to hack the new HTML5 parser that Opera is developing, it is awesome that a vendor says hey c’mon look what we’ve done, please try and break our stuff. I couldn’t resist having a go as they asked so nicely and within minutes…. <a href=”javAascript:alert(1)”>test1</a> <a href=”javaascript:alert(1)”>test2</a> That’s […]
Hackvertor export API
Wednesday, 26 January 2011
I’ve had requests to create a Hackvertor API to allow you to embed it on your own sites, so I’ve created one. It uses postMessage to communicate and you can set the width, height, top, left and callback for your output. The code looks like this:- Hackvertor.write({top:’0px’,left:’300px’,width:’700px’,height:’400px’, callback:function(str) { document.getElementById(‘output’).value=str; }}); This will write a […]