How dangerous is eval()?
[i]eval()[/i] is evil! Plain and simple. It forces the JavaScript engines to re-parse a chunk of script and has no security whatsoever. As for the criticality, for instance the [i]eval()[/i] can be used to exploit any of the security gaps listed on Secunia's advisories for:
[ulist]
* [url=http://secunia.com/product/11/#advisories]Microsoft Internet Explorer 6.x[/url]
* [url=http://secunia.com/product/4227/#advisories]Mozilla Firefox 1.x[/url]
* [url=http://secunia.com/product/4932/#advisories]Opera 8.x[/url]
[/ulist]
At best, in case of malicious usage, your website would be defaced and the user gratified with goatse and tubegirl. At worst the user would have some serious problems with his/her computer.

Oh, script injection in JSON is a piece of cake. There's plenty of sites explaining how to do it.

[url=http://www.p01.org/][img]http://poi.ribbon.free.fr/files/p01_ozoneasylum_sig_dk.gif[/img][/url]
[small](Edited by [url=http://www.ozoneasylum.com/user/2185]poi[/url] on 08-08-2006 08:35)[/small]
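
The JSON point in the post above, as an added example that is not part of the original post: the same received text is parsed once with eval() and once with JSON.parse, the strict parser current engines provide. The function names, the sample strings and the `__evalRan` marker are constructed for this illustration.

```javascript
// Constructed sample inputs: one well-formed JSON document and one string
// that looks like JSON but carries an expression with a side effect.
const cleanInput = '{"user": "alice", "posts": 3}';
const hostileInput =
  '{"user": "alice", "posts": (globalThis.__evalRan = true, 3)}';

// The pattern the thread warns about: handing received text to eval().
// The wrapping parentheses make the engine read the braces as an object
// literal, so any expression inside the text is executed as script.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// Hardened form: JSON.parse accepts only the JSON grammar and throws
// SyntaxError on anything else; it never executes the input.
function parseStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Runs both parsers over one input and reports whether the embedded
// expression was executed (the marker is reset before each parser).
function compare(text) {
  delete globalThis.__evalRan;
  const viaEval = parseWithEval(text);
  const codeRanInEval = globalThis.__evalRan === true;

  delete globalThis.__evalRan;
  const viaParse = parseStrict(text);
  const codeRanInParse = globalThis.__evalRan === true;

  delete globalThis.__evalRan;
  return { viaEval, codeRanInEval, viaParse, codeRanInParse };
}

console.log(compare(cleanInput));
console.log(compare(hostileInput));
```

With eval() the hostile string still yields a normal-looking object, so the caller sees nothing wrong; only the strict parser rejects it.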