For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

A Billion More Laughs: The JavaScript hack that acts like an XML attack

Don is off in Lowell working on a project with our ARX folks so I was working late last night (finishing my daily read of the Internet) and ended up reading Scott Hanselman's discussion of threads ve...
Published Sep 11, 2008
Version 1.0
ajax
application
applications
arx
ASM Advanced WAF
chrome
dev
exploits
http
ie8
Lori_MacVittie's avatar
Lori_MacVittie
Icon for Employee rankEmployee
Sep 11, 2008
@unknown_coder

 

 

My understanding is that FF does warn you. The comment referenced IE8 beta 2, so it's possible this is something that Microsoft will address before officially releasing IE8.

 

 

I agree, IE8 and Chrome *should* implement that same mechanism - and given that Google implemented its own JavaScript engine, one wonders if they did. I have not verified that it does or does not.

 

 

Anyone want to try it with Chrome and let us know?