I don't normally post stuff like this, but since it's already published and salient:
https://www.blackhat.com/presentations/bh-usa-09/VELANAVA/BHUSA09-VelaNava-FavoriteXSS-SLIDES.pdf

For example, this evaluates to alert(1):

($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+($$=($_=!''+$)[_/_]+$_[+$])])()[__[_/_]+__[_+~$]+$_[_]+$$](_/_)

And this evaluates to alert(name):

__=''
$$=__+'e'
__=__+'__par'
_=$$+'val'
x=1+[]
z=$$+'nt__'
x=x[__+z]
x=x[_]
y=x('nam'+$$)
x(y)

'abc(def)ghi(jkl)mno(pqr)abc(def)abc(def)...'

Oh dear.

Now, I know we can't solve the halting problem, but I wonder if you can restrict tricky things that make it hard to reason about the data, and how much that would affect real-world programs involving TC languages. Conversely, could you cripple the run-time behavior by removing hard-to-reason-about primitives like eval and still process most things safely?

-- 
http://www.subspacefield.org/~travis/
Split a packed field and I am there; parse a line of text and you will find me.
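The closing question, whether removing primitives like eval at run time still leaves ordinary programs working, as an added Node.js example that is not code from the message or the slides: it makes every route from a string to executable code in the current realm throw (eval, Function, and the `.constructor` of each function kind), then probes those routes, including the "assemble the name 'eval' and look it up on the global object" trick the second snippet relies on. The function names, the `realm` parameter and the probe labels are assumptions of this example.

```javascript
// Added example: disable every route from a string to executable code.
function lockDownDynamicCode(realm = globalThis) {
  // Capture the real function prototypes first: once realm.Function is
  // replaced, the `Function` identifier would resolve to the trap instead.
  const ctorOwners = [
    Object.getPrototypeOf(function () {}),
    Object.getPrototypeOf(async function () {}),
    Object.getPrototypeOf(function* () {}),
    Object.getPrototypeOf(async function* () {}),
  ];
  const blocked = [];
  const poison = (owner, name) => {
    const trap = function () {
      throw new Error(`dynamic code via ${name} is disabled`);
    };
    Object.defineProperty(owner, name, {
      value: trap, writable: false, configurable: false, enumerable: false,
    });
    blocked.push(name);
  };
  poison(realm, 'eval');
  poison(realm, 'Function');
  // `.constructor` on any function object leads back to its constructor.
  for (const proto of ctorOwners) poison(proto, 'constructor');
  return blocked;
}

// Try each route a program could use to evaluate a string and report
// "allowed" or "blocked" per route. evalByName mirrors the post's trick of
// building the name "eval" at run time and looking it up on the global.
function probeDynamicCode(realm = globalThis) {
  const probes = {
    evalByName: () => realm['e' + 'val']('1 + 1'),
    functionByName: () => realm['Func' + 'tion']('return 1 + 1')(),
    arrowCtor: () => (() => {}).constructor('return 1 + 1')(),
    asyncCtor: () => (async () => {}).constructor('return 1'),
  };
  const report = {};
  for (const [route, attempt] of Object.entries(probes)) {
    try { attempt(); report[route] = 'allowed'; }
    catch (err) { report[route] = 'blocked'; }
  }
  return report;
}

// Ordinary code that never turns strings into code is unaffected.
function plainComputation(values) {
  return values.map((v) => v * 2).filter((v) => v > 2).reduce((a, b) => a + b, 0);
}
```

Only evaluators reachable as JavaScript values are covered here; host-provided ones (a string argument to setTimeout in browsers, for instance) need the same treatment.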
_______________________________________________ langsec-discuss mailing list langsec-discuss@mail.langsec.org https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss