>> Maybe there are other exploits, but only know what you sent as links.
>> And those are saying you need a JSON array because JSON objects are
>> not valid js statements.
>
...
> "Yesterday, I blogged about how to steal data from JSON by overriding the
> Array constructor. Today, we break into Obj
On Thu, Jun 30, 2011 at 4:12 AM, Johannes Geppert wrote:
> What about further development as a plugin outside of the Struts Project?
> We can create a project at Google Code or Github like the jQuery Plugin.
Who is "we"? If "we" is a group of Struts committers, why would "we"
take the code somewh
On 7/10/11 4:34 AM, Christian Grobmeier wrote:
> Maybe there are other exploits, but only know what you sent as links.
> And those are saying you need a JSON array because JSON objects are
> not valid js statements.
You clearly didn't read all the links I included, or do your own search
as I suggest
>> - don't use javascript arrays to return as a json string
>
> It really doesn't matter if it's an array or object, if it's valid JSON that
> the browser will attempt to execute, it's vulnerable.
http://haacked.com/archive/2009/06/25/json-hijacking.aspx
"The fact that this is a JSON array is impor