bhomass
asked on
evil javascript
I read about this evil javascript
<script type='text/javascript'>
function Array() {
  var obj = this;
  var ind = 0;
  var getNext = function(x) {
    obj[ind++] setter = getNext;
    if (x) alert("Data stolen from array: " + x.toString());
  };
  this[ind++] setter = getNext;
}
</script>
<script type='text/javascript' src='http://bank.com/jsonservice'> </script>
but I can't understand it. what does
obj[ind++] setter = getNext;
mean? is it a variant of
var setter = getNext;
http://incompleteness.me/blog/2007/03/05/json-is-not-as-safe-as-people-think-it-is/
ASKER
what the hell is this? please respond with answer or stay off.
I read about this evil javascript
What did you read?
All script is potentially bad if you don't understand what you are doing.
ASKER
the point of this forum is to read the post, not the reference site. why don't you read my question to start off since you don't even know what I am asking.
since you don't even know what I am asking.
@bhomass I'm not sure if you really understand what you are asking and we are trying to help guide you. No need for profanity or getting angry at people who volunteer time to answer your questions.
The script loops through json data and if it finds something it throws an alert. The script in your post does nothing evil.
I asked you what you read to get a better understanding of what your real question is. Your code snippet is part of an article that suggests json responses are not safe and prone to hacks. The snippet in your question is supposed to prove the writer of the article's point.
ASKER
all right in the spirit of good will, let me make it clear by re-pasting my question.
--------------------------
but I can't understand it. what does
obj[ind++] setter = getNext;
mean? is it a variant of
var setter = getNext;
--------------------------
I am not talking about why it's evil or not evil. I am asking how to interpret this one line, again. this is the line.
obj[ind++] setter = getNext;
it sets a value for a variable in a dynamic array
ASKER
won't the following line do that same thing?
obj[ind++] = getNext;
what does it mean to add "setter" in there?
ASKER CERTIFIED SOLUTION
ASKER
referenced a good article.
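
Added example, not part of the thread: one reading of `obj[ind++] setter = getNext;`, taking it as the old Mozilla-only setter assignment and rewriting it with the standard `Object.defineProperty`. The helper names and sample values are constructed; the second function checks that, under ECMAScript 5 and later, an array literal does not run such setters while a plain indexed assignment does.

```javascript
'use strict';
// Added example, not code from the thread; all names and sample values are constructed.

// Standard-syntax reading of `obj[ind++] setter = getNext;`: make getNext the
// setter for the next numeric index of obj. Returns a cleanup function.
function installChainedSetters(obj, onValue) {
  let ind = 0;
  const getNext = function (x) {
    // Arm the following index, as the quoted line does, then report the value.
    Object.defineProperty(obj, ind++, { set: getNext, configurable: true });
    if (x) onValue(x);
  };
  Object.defineProperty(obj, ind++, { set: getNext, configurable: true });
  return () => { for (let i = 0; i < ind; i++) delete obj[i]; };
}

// A plain assignment to an armed index runs the setter.
function assignmentDemo() {
  const seen = [];
  const target = {};                      // plain object, nothing global is touched
  installChainedSetters(target, (x) => seen.push(x));
  target[0] = 'acct-1';
  target[1] = 'acct-2';
  return seen;
}

// With the setters on Array.prototype, count what a literal and an assignment trigger.
function literalVersusAssignment() {
  let fromLiteral = 0;
  let fromAssignment = 0;
  let phase = 'literal';
  const cleanup = installChainedSetters(Array.prototype, () => {
    if (phase === 'literal') fromLiteral++; else fromAssignment++;
  });
  try {
    const parsed = ['acct-1', 'acct-2'];  // elements are defined directly, no setter call
    phase = 'assignment';
    const built = [];
    built[0] = parsed[0];                 // ordinary assignment finds the inherited setter
    return { fromLiteral, fromAssignment, literalLength: parsed.length };
  } finally {
    cleanup();                            // always restore Array.prototype
  }
}
```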