Revision: 3893
Author: mikesamuel
Date: Fri Dec 4 16:09:34 2009
Log: Edited wiki page through web user interface.
http://code.google.com/p/google-caja/source/detail?r=3893
Modified:
/wiki/AttackVectors.wiki
=======================================
--- /wiki/AttackVectors.wiki Fri Sep 25 13:37:31 2009
+++ /wiki/AttackVectors.wiki Fri Dec 4 16:09:34 2009
@@ -32,6 +32,7 @@
* PostIncrementAndDecrementCanReturnNonNumber -- Incorrect
implementations of postincrement and postdecrement can cause confusion as
to which property is being accessed
* MisOptimizations -- Some interpreters try to optimize javascript
before execution subtly changing the semantics of builtin operators
(PostIncrementAndDecrementCanReturnNonNumber is a specific example)
* CompoundAssignmentsCanReturnNonNumber -- The type of assignment
expressions may not be correct.
+ * FinallySkipped -- An exception that is thrown not inside a
{{{try/catch}}} caught skips {{{finally}}} blocks.
== Attack Vectors at the Browser Environment, DOM, HTML, or CSS levels ==
* ScriptInHtml -- HTML Tags in Javascript Strings can allow Unsanitized
Script Execution
