struts-dev mailing list archives

From Christian Grobmeier <grobme...@gmail.com>
Subject Re: Comments in JSON
Date Thu, 14 Jul 2011 08:48:41 GMT
2011/7/14 Łukasz Lenart <lukasz.lenart@googlemail.com>:
> 2011/7/14 Christian Grobmeier <grobmeier@gmail.com>:
>> 2011/7/14 Łukasz Lenart <lukasz.lenart@googlemail.com>:
>>> We did some internal research on the issue with JSON, and it looks like
>>> only the arrays are vulnerable; if the output contains an object, it
>>> isn't valid JavaScript.
>>>
>>> IE8, FF3, FF5, Chrome
>>
>> I recommend this link: http://bit.ly/r7DXjB
>> This guy managed to steal from JSON objects.
>
> It doesn't work for me
> http://tools.softwaremill.pl/attack.html

You are right. It does not work for me on Chrome, Safari, FF 3 + 5 and
Opera on a Mac.
Looking at the comments, more people seem to think this is not a problem.

Cheers,
Christian

>
>
> Kind regards
> --
> Łukasz
> + 48 606 323 122 http://www.lenart.org.pl/
> Warszawa JUG conference - Confitura http://confitura.pl/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
> For additional commands, e-mail: dev-help@struts.apache.org
>
>



-- 
http://www.grobmeier.de
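
The array-versus-object distinction raised in the thread comes down to how a JavaScript parser reads the response body at statement position: a top-level array is a valid expression statement, while a top-level object literal is read as a block and fails to parse. The check below is an added example, not code from the thread or from Struts; the function names are hypothetical and the sample bodies are constructed.

```javascript
// Added example: review JSON response bodies for script-loadability.
// All names and sample bodies are constructed for illustration.

// True if `body` compiles as JavaScript statements. new Function only
// compiles the text; the resulting function is never called.
function parsesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e; // e.g. EvalError under a restrictive CSP
  }
}

// Report the top-level JSON type and whether the body would load as a script.
function reviewJsonBody(body) {
  let topLevel = null;
  try {
    const value = JSON.parse(body);
    topLevel = Array.isArray(value) ? 'array'
      : value === null ? 'null' : typeof value;
  } catch (e) {
    // Not plain JSON (for example, wrapped in a comment); topLevel stays null.
  }
  return { topLevel, scriptLoadable: parsesAsScript(body) };
}

// Names of the sample responses that are top-level arrays AND valid scripts.
function flaggedBodies(samples) {
  return Object.keys(samples).filter((name) => {
    const r = reviewJsonBody(samples[name]);
    return r.topLevel === 'array' && r.scriptLoadable;
  });
}

// Constructed sample responses.
const SAMPLES = {
  arrayOfObjects: '[{"user":"alice","token":"constructed-value"}]',
  plainObject: '{"user":"alice","token":"constructed-value"}',
  emptyObject: '{}',             // parses as an empty block, carries no data
  commentWrapped: '/* [1,2] */', // parses as a script, but only as a comment
};

console.log(flaggedBodies(SAMPLES));
```

Only the array-shaped sample is flagged; the empty object and the comment-wrapped body also parse as scripts but contain no expression that would be evaluated.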