Page 1 of 1

ADsafe, a limited java library

Posted: Sun Dec 11, 2016 8:56 pm
by morganism
"ADsafe makes it safe to put guest code (such as third party scripted advertising or widgets) on a web page. ADsafe defines a subset of JavaScript that is powerful enough to allow guest code to perform valuable interactions, while at the same time preventing malicious or accidental damage or intrusion."

http://www.adsafe.org/

this doesn't appear to be aligned with adsafe media, but should be checked out....

Re: ADsafe, a limited java library

Posted: Sun Dec 11, 2016 9:07 pm
by barbaz

Re: ADsafe, a limited java library

Posted: Sun Dec 11, 2016 9:56 pm
by Thrawn
Well, it can only be a good thing to put limits on what ad JavaScript can do, but I wouldn't put all my eggs in that basket...

https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-XSS-Evasion-Challenge-Results/
https://www.google.com.au/search?q=mentaljs+bypass