[WEB SECURITY] JSReg now on acid
gazheyes at gmail.com
Thu Mar 11 06:55:24 EST 2010
Stefan Tomas give me a kick up the backside and asked me what's the deal
with JSReg. So I thought I'd update the online version. I've reduced the
code to 813 lines now, my plan is to make it smaller with some RegEx hacks.
It's much faster now that I dropped RegExp/String/Number rewriting, now I
just match and return the prototyped originals. It supports empty array
literals too, I can't support array literals fully yet but as a work around
you can either set the array first or use the Array() constructor.
It still isn't perfect the loop checks need to be improved and the "in"
operator could do with another method but it's the best I've got so far.
mortal hands, if Stefano Di Paola was to attempt to break it I would imagine
the challenge would be to great for him. Likewise Jesse Ruderman or Jeff
Walden would find it an impossible task to return to window. Giorgio Maone
not as I've said it is very difficult. Kuza might think he could spot
implementation mistakes but I doubt there are any. As for Eduardo Vela, yeah
he broke it in the past but then it was easy. Now it's a real challenge, I
don't see him even coming close to find any sort of RegEx mistake. If I was
to challenge some researchers to break it Mario Heiderich would never win
it, he wouldn't even come close to breaking it. Thornmaker might be able to
pull some phpids hacks out of the bag but can he come even close to a real
challenge I think not. As for you, yes you. You might have noticed I didn't
mention your name, that's because I don't think you can break it. Prove me
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity