Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Caja / Secure EcmaScript should fix the JS-too-dynamic problem. I haven't tried it out yet.


It doesn't help in this case, since an attacker can just insert plain old JS. Caja (and similar things) only help for code you can actually put through the Cajoler.

It's still a good, if imperfect, solution for other use-cases.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: