Wednesday, April 04, 2007

I'll probably never understand Internet Explorer

I was coding a solution to the eval re-definition problem ... it's simple:
Firefox can delete eval, but the native eval code persists, so you can use eval one more time.

IE7 can delete eval too ... but after this operation, eval is no longer usable ...

What's the awesome behaviour?
IE7 has another method to evaluate code, execScript ... and it doesn't accept this code:
execScript = function(){};

Cool? It seems that I can rely on execScript and delete eval only on Firefox ... why not?

Because IE7 accepts this code:
window.execScript = function(){};


So bye bye execScript, you've been defined ... but the coolest thing is that after that code, you can't do:
delete window.execScript;


It's amazing, IE7 developers, thank you one more time!

4 comments:

kentaromiura said...

So why not define eval too?
In this way you can use eval safely,
as long as my setTimeout exploit still works


function eval(code){
return (new Function(code))();
}

Use this before using eval to be sure of a good eval ^_^!!!


If someone redefines Function, nothing works, so you prevent hijacking of eval.

Andrea Giammarchi said...

I should use this one:

new Function("","return "+code)();

but the problem is that Function can be re-defined:

function Function(){};
alert(new Function);

Andrea Giammarchi said...

If someone redefines Function, nothing works, so you prevent hijacking of eval.

You're right, and this is probably the best way to be sure that either the code will be evaluated or nothing will be done.

I update the previous post too, thank you for this great idea ;)

Andrea Giammarchi said...

damn it!

kenta, this is not a good solution, I didn't test it (one more time, I need more debugging, sorry).

function Function(a,b){
eval("function f(){"+b+"}");
return f;
};

and bye bye security ...
At the same time, inside Function I can re-define every constructor, so this is even worse than the first eval proposal :(
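
An added example, not part of the original post or its comments: a check that refuses to evaluate through a `Function` that has been rebound as in the last comment. `guardedEval` and `intrinsicFunctionCtor` are hypothetical helper names, the hostile constructor is a constructed stand-in, and the check assumes `Function.prototype.constructor` itself has not been overwritten.

```javascript
// Added example: detect a rebound `Function` before trusting it for evaluation.
// Assumption: Function.prototype.constructor itself is untouched; this check only
// covers the identifier rebinding shown in the comments above.
function intrinsicFunctionCtor() {
  // A function literal inherits from the engine's own Function.prototype, so its
  // .constructor does not depend on what the name `Function` currently refers to.
  return (function () {}).constructor;
}

// guardedEval is a hypothetical helper: it fails closed instead of evaluating
// through a constructor that is not the intrinsic one.
function guardedEval(FunctionCtor, code) {
  if (FunctionCtor !== intrinsicFunctionCtor()) {
    throw new Error("Function has been redefined; refusing to evaluate");
  }
  return new FunctionCtor("", "return " + code)();
}

function demo() {
  const seen = []; // code strings captured by the hostile constructor
  const result = {};
  (function hostileScope() {
    // Constructed stand-in for the redefinition in the last comment: it sees
    // every code string and returns a function of its own choosing.
    function Function(a, b) {
      seen.push(b);
      return function f() { return "hijacked"; };
    }
    // The unguarded wrapper from the comments silently runs the impostor.
    result.unguarded = new Function("", "return " + "1 + 2")();
    try {
      guardedEval(Function, "1 + 2");
      result.guarded = "evaluated";
    } catch (e) {
      result.guarded = "refused";
    }
  })();
  // Outside that scope the global binding is intact and the check passes.
  result.clean = guardedEval(Function, "1 + 2");
  result.leaked = seen;
  return result;
}

console.log(demo());
```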