You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 2, 2021. It is now read-only.
Kevin Reid edited this page Apr 21, 2016
·
1 revision
Background
There are two issues covered by this advisory:
SES did not correctly understand variable names written using escaped characters, e.g. \u0077indow, and did not recognize at all the new \u{...} syntax introduced by ECMAScript 2015. This allowed access to host global variables (such as window and document) by spelling them with escaped characters.
For applications which used the Google API tamings (not enabled by default), the taming of the Charts / Visualization API did not protect against all means of causing chart data to be interpreted as arbitrary HTML.
Impact and Advice
This is a complete breach of the Caja sandbox. All users should immediately upgrade to Caja
v6008 or later.