In another js file, someone may add a function like:
Object.prototype.toXML
so we need to avoid someone adding a prototype to Object.
For example:
in event.js, line 342
---need change
for (id in this._childAnchors) this._updateAnchor(id);
---to
for (id in this._childAnchors)
{
    if(typeof this._childAnchors[id] != 'function')
        this._updateAnchor(id);
}
in ioelement.sync.js, line 33
---need change
nv[nv.length]=i+'='+((mod!='get')? data[i]:IOElement.URLEncode(data[i]));
---to
if(typeof data[i] !="function")
    nv[nv.length]=i+'='+((mod!='get')? data[i]:IOElement.URLEncode(data[i]));
Logged In: YES
user_id=706287
I'm not sure I fully understand what you mean. Can you
explain better? Give a specific example of how this is a
problem. I would venture a guess that this refers to some
sort of scripting vulnerability? Presumably cross-site?
Maybe one site uses JavaScript, and another site spoofs the
page, and stuffs in some additional JavaScript to peek at the
information going between the client and the server, to log
it elsewhere?
I'd definitely understand if you uploaded an attachment with a
self-contained example with all involved files (zip, 7z,
tar.bz2, etc.), and instructions on what to observe. I can
set up two servers on localhost, or one local and another on
the internet, and make a test case, analyze packet logs,
anything. Just tell me what to look for. If someone else
understands, please explain.
Logged In: YES
user_id=1274026
The details of the bug were not sufficient to
duplicate it. Please provide a more detailed description of the
bug as well as an example that demonstrates the behavior.
Logged In: YES
user_id=1274026
For example:
I import another js library, which has code like:
----------------------------------
Object.prototype.Clone = function() {};
----------------------------------
in dynapi:
----------------------------------
for (var i in this.children) {
    ch=this.children[i];
    if(!ch._hasDragEvents) ch.DragDrop(s,mX,mY);
}
----------------------------------
OK, when 'i' is 'Clone', 'ch._hasDragEvents' will throw an error.
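The failure described in the first post and in this last one is the same: a for-in loop visits enumerable properties inherited from Object.prototype, so a library that adds Object.prototype.Clone (or toXML) makes dynapi's loops see a key that is not a real child. The block below is an added, self-contained example written for this thread; it is not dynapi code and not code posted by either commenter. The objects childAnchors and children, the function names, and the "version" property are constructed for the demonstration. It shows the unguarded loop throwing on the inherited function, the typeof guard proposed in the thread, and an alternative guard (hasOwnProperty) that also skips inherited values that are not functions, which the typeof check lets through.

```javascript
// Constructed sample: a map of child objects like the ones dynapi iterates.
// Each child has the two members the dynapi loop touches.
const children = {
  c1: { _hasDragEvents: false, DragDrop(hit) { hit.push('c1'); } },
  c2: { _hasDragEvents: true,  DragDrop(hit) { hit.push('c2'); } },
};

// Run fn while Object.prototype temporarily carries an extra property,
// then remove it again so later code is not affected (assignment makes
// the property enumerable, which is exactly what breaks for-in loops).
function withPrototypeAddition(name, value, fn) {
  Object.prototype[name] = value;
  try {
    return fn();
  } finally {
    delete Object.prototype[name];
  }
}

// The loop shape from the thread, unguarded: for-in also yields inherited keys.
function dispatchUnguarded(obj) {
  const hit = [];
  for (const i in obj) {
    const ch = obj[i];
    if (!ch._hasDragEvents) ch.DragDrop(hit); // throws if ch is an inherited function
  }
  return hit;
}

// Guard proposed in the thread: skip values that are functions.
function dispatchTypeofGuard(obj) {
  const hit = [];
  for (const i in obj) {
    const ch = obj[i];
    if (typeof ch === 'function') continue;
    if (!ch._hasDragEvents) ch.DragDrop(hit);
  }
  return hit;
}

// Alternative guard: only the object's own properties are real children.
// Call hasOwnProperty through Object.prototype so a polluted or overridden
// hasOwnProperty on the object itself cannot change the answer.
function dispatchOwnGuard(obj) {
  const hit = [];
  for (const i in obj) {
    if (!Object.prototype.hasOwnProperty.call(obj, i)) continue;
    const ch = obj[i];
    if (!ch._hasDragEvents) ch.DragDrop(hit);
  }
  return hit;
}

// Wrap a dispatcher so a thrown error becomes a value we can inspect.
function outcome(dispatch, obj) {
  try {
    return { ok: true, hit: dispatch(obj) };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

// Which keys a plain for-in loop visits, for comparison.
function forInKeys(obj) {
  const keys = [];
  for (const k in obj) keys.push(k);
  return keys;
}

// Scenarios: clean prototype, a function added (as in the thread), and a
// non-function value added (where the typeof guard is not enough).
function demo() {
  const addFn = function () {};
  return {
    keysClean: forInKeys(children),
    keysWithClone: withPrototypeAddition('Clone', addFn, () => forInKeys(children)),
    unguardedClean: outcome(dispatchUnguarded, children),
    unguardedWithClone: withPrototypeAddition('Clone', addFn, () => outcome(dispatchUnguarded, children)),
    typeofWithClone: withPrototypeAddition('Clone', addFn, () => outcome(dispatchTypeofGuard, children)),
    typeofWithString: withPrototypeAddition('version', '1.0', () => outcome(dispatchTypeofGuard, children)),
    ownWithString: withPrototypeAddition('version', '1.0', () => outcome(dispatchOwnGuard, children)),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The typeof guard fixes the case reported here (a function added to Object.prototype), but a library that adds a string or object to Object.prototype still gets through it, because the inherited value is not a function and the loop then calls DragDrop on a string. Checking hasOwnProperty (or, where the engine supports it, iterating Object.keys) treats every inherited property as foreign, whatever its type.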