SlideShare a Scribd company logo

Caja "Ka-ha" Introduction

yiming he
yiming he
Technology
1 of 36
Caja"KA-ha” yiminghe@gmail.com 承玉 2011-09-20 Draft
Outline Background Caja Introduction Caja Internal Learn By Example
Javascriptis dangerous ?
Stealing cookies
DDOS Make requests to your server
Expose all information See what it should not see
Load viral script Can load any number viral scripts as it want
Forge id Ask for information from user as your id
Finnally Leak Send what it got to remote server
So ?
But
Caja Comes HTML , CSS , JavaScript Security Object Capability Javascript Safe subset of javascript Related Microsoft Web Sandbox FBJS YAHOO! Adsafe
Sanitize
YAP
Make app safe
Object Capabilty Caja use object-capability security model
What does it mean other callee caller Caller can call callee by reference Caller can not call other in global namespace
How to get reference creation or introduction
Internals Backend frontend
backend Rewrite source code to allow runtime check
frontend Runtime check at browser Object properties descriptor enhance Global prevent Wrap native DOM Iframed isolation
Iframed isolation
frontend
Learn By Example
Simple example Sourcecode this.x=1;window.alert(2); Issues ?
Compiled code: ___.loadModule({ 'instantiate':function(___, IMPORTS___){ vardis___ = IMPORTS___; varmoduleResult___, x0___; moduleResult___ = ___.NO_RESULT; dis___.x_w___ ===dis___?(dis___.x= 1):dis___.w___('x', 1); moduleResult___ =(x0___ =IMPORTS___.window_v___?IMPORTS___.window: ___.ri(IMPORTS___,'window'), x0___.alert_m___? x0___.alert(2): x0___.m___('alert',[ 2 ])); returnmoduleResult___; },
Little note IMPORTS__ : runtime environment *_w__ : whether allowed to write w__ : intercept writing v__ : intercept getting *_m__ : whether allowed to call method m__ : intercept method
DOM example Source code document.body.style=‘color:red’; Issues ?
compiled vardis___ = IMPORTS___; varmoduleResult___, x0___, x1___; moduleResult___ = ___.NO_RESULT; moduleResult___ =(x1___ =(x0___ =IMPORTS___.document_v___? IMPORTS___.document: ___.ri(IMPORTS___,'document'), x0___.body_v___? x0___.body: x0___.v___('body')), x1___.style_w___ === x1___?(x1___.style ='color:red'): x1___.w___('style', 'color:red')); returnmoduleResult___;
Import KISSY Inject KISSY into IMPORT__ Source: KISSY.DOM.addClass(el,"x");
compiled vardis___ = IMPORTS___; varmoduleResult___, x0___, x1___, x2___; moduleResult___ = ___.NO_RESULT; moduleResult___ =(x1___ =(x0___ =IMPORTS___.KISSY_v___? IMPORTS___.KISSY: ___.ri(IMPORTS___,'KISSY'), x0___.DOM_v___? x0___.DOM: x0___.v___('DOM')), x2___ =IMPORTS___.el_v___? IMPORTS___.el: ___.ri(IMPORTS___,'el'), x1___.addClass_m___? x1___.addClass(x2___,'x'): x1___.m___('addClass',[ x2___,'x'])); returnmoduleResult___;
How Tell IMPORTS__ to recognize KISSY.DOM.addClass as a function frameGroup.makeES5Frame(document.getElementById("theGadget2"), {/* Grant this gadget no network access */}, function(frame){ // Load and run the gadget frame.contentCajoled(code) .run({ KISSY:frameGroup.tame({ DOM:frameGroup.markFunction(function(){}) }) }); });
Import others Class : Anim Instance method : Anim.proto.run Class : EventObject Intance member : EventObject.proto.target …etc
Demo
Refer Caja http://code.google.com/p/google-caja/ YAP http://developer.yahoo.com/yap/guide/caja-support.html http://developer.yahoo.com/yap/guide/what-are-cajas-limitations.html TAOBAO SHOP http://shopxxx.taobao.com
Thank you

Recommended

Html5 localstorage attack vectors
Html5 localstorage attack vectorsHtml5 localstorage attack vectors
Html5 localstorage attack vectorsShreeraj Shah
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfdrewz lin
 
Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13drewz lin
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encodingEoin Keary
 
Appsec XSS Case Study
Appsec XSS Case StudyAppsec XSS Case Study
Appsec XSS Case StudyMohamed Ridha CHEBBI, CISSP
 
XSS
XSSXSS
XSSHrishikesh Mishra
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scriptingkinish kumar
 
Xss talk, attack and defense
Xss talk, attack and defenseXss talk, attack and defense
Xss talk, attack and defensePrakashchand Suthar
 

Recommended

Html5 localstorage attack vectors
Html5 localstorage attack vectorsHtml5 localstorage attack vectors
Html5 localstorage attack vectorsShreeraj Shah
 
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfDefeating xss-and-xsrf-with-my faces-frameworks-steve-wolf
Defeating xss-and-xsrf-with-my faces-frameworks-steve-wolfdrewz lin
 
Phu appsec13
Phu appsec13Phu appsec13
Phu appsec13drewz lin
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encodingEoin Keary
 
Appsec XSS Case Study
Appsec XSS Case StudyAppsec XSS Case Study
Appsec XSS Case StudyMohamed Ridha CHEBBI, CISSP
 
XSS
XSSXSS
XSSHrishikesh Mishra
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scriptingkinish kumar
 
Xss talk, attack and defense
Xss talk, attack and defenseXss talk, attack and defense
Xss talk, attack and defensePrakashchand Suthar
 
Web Hacking
Web HackingWeb Hacking
Web HackingInformation Technology
 
MITM Attacks on HTTPS: Another Perspective
MITM Attacks on HTTPS: Another PerspectiveMITM Attacks on HTTPS: Another Perspective
MITM Attacks on HTTPS: Another PerspectiveGreenD0g
 
2013 OWASP Top 10
2013 OWASP Top 102013 OWASP Top 10
2013 OWASP Top 10bilcorry
 
Securing your AngularJS Application
Securing your AngularJS ApplicationSecuring your AngularJS Application
Securing your AngularJS ApplicationPhilippe De Ryck
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Ikhade Maro Igbape
 
Xss (cross site scripting)
Xss (cross site scripting)Xss (cross site scripting)
Xss (cross site scripting)vinayh.vaghamshi _
 
Reflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingReflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingInMobi Technology
 
Hacking the Web
Hacking the WebHacking the Web
Hacking the WebMike Crabb
 
Web Hacking Intro
Web Hacking IntroWeb Hacking Intro
Web Hacking IntroAditya Kamat
 
Top Ten Web Hacking Techniques (2008)
Top Ten Web Hacking Techniques (2008)Top Ten Web Hacking Techniques (2008)
Top Ten Web Hacking Techniques (2008)Jeremiah Grossman
 
Web Application Security in front end
Web Application Security in front endWeb Application Security in front end
Web Application Security in front endErlend Oftedal
 
Dzhengis 93098 ajax - security
Dzhengis 93098 ajax - securityDzhengis 93098 ajax - security
Dzhengis 93098 ajax - securitydzhengo44
 
Web Security 101
Web Security 101Web Security 101
Web Security 101Michael Peters
 
Secure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior
 
RSA Europe 2013 OWASP Training
RSA Europe 2013 OWASP TrainingRSA Europe 2013 OWASP Training
RSA Europe 2013 OWASP TrainingJim Manico
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defensesMohammed A. Imran
 
Secure code practices
Secure code practicesSecure code practices
Secure code practicesHina Rawal
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5Shreeraj Shah
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and PracticesPrabath Siriwardena
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
JSFoo Chennai 2012
JSFoo Chennai 2012JSFoo Chennai 2012
JSFoo Chennai 2012Krishna T
 
Secure web messaging in HTML5
Secure web messaging in HTML5Secure web messaging in HTML5
Secure web messaging in HTML5Krishna T
 

More Related Content

What's hot

MITM Attacks on HTTPS: Another Perspective
MITM Attacks on HTTPS: Another PerspectiveMITM Attacks on HTTPS: Another Perspective
MITM Attacks on HTTPS: Another PerspectiveGreenD0g
 
2013 OWASP Top 10
2013 OWASP Top 102013 OWASP Top 10
2013 OWASP Top 10bilcorry
 
Securing your AngularJS Application
Securing your AngularJS ApplicationSecuring your AngularJS Application
Securing your AngularJS ApplicationPhilippe De Ryck
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Ikhade Maro Igbape
 
Reflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingReflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingInMobi Technology
 
Hacking the Web
Hacking the WebHacking the Web
Hacking the WebMike Crabb
 
Top Ten Web Hacking Techniques (2008)
Top Ten Web Hacking Techniques (2008)Top Ten Web Hacking Techniques (2008)
Top Ten Web Hacking Techniques (2008)Jeremiah Grossman
 
Web Application Security in front end
Web Application Security in front endWeb Application Security in front end
Web Application Security in front endErlend Oftedal
 
Dzhengis 93098 ajax - security
Dzhengis 93098 ajax - securityDzhengis 93098 ajax - security
Dzhengis 93098 ajax - securitydzhengo44
 
Secure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior
 
RSA Europe 2013 OWASP Training
RSA Europe 2013 OWASP TrainingRSA Europe 2013 OWASP Training
RSA Europe 2013 OWASP TrainingJim Manico
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defensesMohammed A. Imran
 
Secure code practices
Secure code practicesSecure code practices
Secure code practicesHina Rawal
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5Shreeraj Shah
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and PracticesPrabath Siriwardena
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 

What's hot (20)

Web Hacking
Web HackingWeb Hacking
Web Hacking
 
MITM Attacks on HTTPS: Another Perspective
MITM Attacks on HTTPS: Another PerspectiveMITM Attacks on HTTPS: Another Perspective
MITM Attacks on HTTPS: Another Perspective
 
2013 OWASP Top 10
2013 OWASP Top 102013 OWASP Top 10
2013 OWASP Top 10
 
Securing your AngularJS Application
Securing your AngularJS ApplicationSecuring your AngularJS Application
Securing your AngularJS Application
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation
 
Xss (cross site scripting)
Xss (cross site scripting)Xss (cross site scripting)
Xss (cross site scripting)
 
Reflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site ScriptingReflective and Stored XSS- Cross Site Scripting
Reflective and Stored XSS- Cross Site Scripting
 
Hacking the Web
Hacking the WebHacking the Web
Hacking the Web
 
Web Hacking Intro
Web Hacking IntroWeb Hacking Intro
Web Hacking Intro
 
Top Ten Web Hacking Techniques (2008)
Top Ten Web Hacking Techniques (2008)Top Ten Web Hacking Techniques (2008)
Top Ten Web Hacking Techniques (2008)
 
Web Application Security in front end
Web Application Security in front endWeb Application Security in front end
Web Application Security in front end
 
Dzhengis 93098 ajax - security
Dzhengis 93098 ajax - securityDzhengis 93098 ajax - security
Dzhengis 93098 ajax - security
 
Web Security 101
Web Security 101Web Security 101
Web Security 101
 
Secure Code Warrior - Local storage
Secure Code Warrior - Local storageSecure Code Warrior - Local storage
Secure Code Warrior - Local storage
 
RSA Europe 2013 OWASP Training
RSA Europe 2013 OWASP TrainingRSA Europe 2013 OWASP Training
RSA Europe 2013 OWASP Training
 
Cross site scripting attacks and defenses
Cross site scripting attacks and defensesCross site scripting attacks and defenses
Cross site scripting attacks and defenses
 
Secure code practices
Secure code practicesSecure code practices
Secure code practices
 
XSS and CSRF with HTML5
XSS and CSRF with HTML5XSS and CSRF with HTML5
XSS and CSRF with HTML5
 
API Security : Patterns and Practices
API Security : Patterns and PracticesAPI Security : Patterns and Practices
API Security : Patterns and Practices
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 

Similar to Caja "Ka-ha" Introduction

JSFoo Chennai 2012
JSFoo Chennai 2012JSFoo Chennai 2012
JSFoo Chennai 2012Krishna T
 
Secure web messaging in HTML5
Secure web messaging in HTML5Secure web messaging in HTML5
Secure web messaging in HTML5Krishna T
 
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...CODE BLUE
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Locking the Throneroom 2.0
Locking the Throneroom 2.0Locking the Throneroom 2.0
Locking the Throneroom 2.0Mario Heiderich
 
Javascript Security
Javascript SecurityJavascript Security
Javascript Securityjgrahamc
 
[Poland] It's only about frontend
[Poland] It's only about frontend[Poland] It's only about frontend
[Poland] It's only about frontendOWASP EEE
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeJeremiah Grossman
 
eXploitable Markup Language
eXploitable Markup LanguageeXploitable Markup Language
eXploitable Markup Languagesghctoma
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooNahidul Kibria
 
Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Jeremiah Grossman
 
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App Cenzic
 
Talk about html5 security
Talk about html5 securityTalk about html5 security
Talk about html5 securityHuang Toby
 
W3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesW3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesBrad Hill
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008abhijitapatil
 

Similar to Caja "Ka-ha" Introduction (20)

JSFoo Chennai 2012
JSFoo Chennai 2012JSFoo Chennai 2012
JSFoo Chennai 2012
 
Secure web messaging in HTML5
Secure web messaging in HTML5Secure web messaging in HTML5
Secure web messaging in HTML5
 
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...
[CB16] Electron - Build cross platform desktop XSS, it’s easier than you thin...
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
4.Xss
4.Xss4.Xss
4.Xss
 
Locking the Throneroom 2.0
Locking the Throneroom 2.0Locking the Throneroom 2.0
Locking the Throneroom 2.0
 
Javascript Security
Javascript SecurityJavascript Security
Javascript Security
 
[Poland] It's only about frontend
[Poland] It's only about frontend[Poland] It's only about frontend
[Poland] It's only about frontend
 
Rich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safeRich Web App Security - Keeping your application safe
Rich Web App Security - Keeping your application safe
 
Starwest 2008
Starwest 2008Starwest 2008
Starwest 2008
 
eXploitable Markup Language
eXploitable Markup LanguageeXploitable Markup Language
eXploitable Markup Language
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs too
 
Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008
 
Html5 hacking
Html5 hackingHtml5 hacking
Html5 hacking
 
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
Drive By Downloads: How To Avoid Getting a Cap Popped in Your App
 
Talk about html5 security
Talk about html5 securityTalk about html5 security
Talk about html5 security
 
W3 conf hill-html5-security-realities
W3 conf hill-html5-security-realitiesW3 conf hill-html5-security-realities
W3 conf hill-html5-security-realities
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008
 
PHPUG Presentation
PHPUG PresentationPHPUG Presentation
PHPUG Presentation
 

More from yiming he

kissy 1.5 progress
kissy 1.5 progresskissy 1.5 progress
kissy 1.5 progressyiming he
 
kissy at alibaba
kissy at alibabakissy at alibaba
kissy at alibabayiming he
 
kissy modularization part2
kissy modularization part2kissy modularization part2
kissy modularization part2yiming he
 
kissy modularization part1
kissy modularization part1kissy modularization part1
kissy modularization part1yiming he
 
KISSY @ 2013-2
KISSY @ 2013-2KISSY @ 2013-2
KISSY @ 2013-2yiming he
 
KISSY 1.4.0 released
KISSY 1.4.0 releasedKISSY 1.4.0 released
KISSY 1.4.0 releasedyiming he
 
callSuper in kissy
callSuper in kissycallSuper in kissy
callSuper in kissyyiming he
 
KISSY XTemplate
KISSY XTemplateKISSY XTemplate
KISSY XTemplateyiming he
 
Introduction to kissy for adc 2013
Introduction to kissy for adc 2013Introduction to kissy for adc 2013
Introduction to kissy for adc 2013yiming he
 
Kissy component system
Kissy component systemKissy component system
Kissy component systemyiming he
 
KISSY@2013.05
KISSY@2013.05KISSY@2013.05
KISSY@2013.05yiming he
 
kissy@2013.03
kissy@2013.03 kissy@2013.03
kissy@2013.03 yiming he
 
KISSY 1.3-released
KISSY 1.3-releasedKISSY 1.3-released
KISSY 1.3-releasedyiming he
 
Simple kissy1.3
Simple kissy1.3Simple kissy1.3
Simple kissy1.3yiming he
 
Kissy in-progress
Kissy in-progressKissy in-progress
Kissy in-progressyiming he
 
Kissy dpl-practice
Kissy dpl-practiceKissy dpl-practice
Kissy dpl-practiceyiming he
 
编辑器设计2
编辑器设计2编辑器设计2
编辑器设计2yiming he
 
KISSY Editor Design 2
KISSY Editor Design 2KISSY Editor Design 2
KISSY Editor Design 2yiming he
 

More from yiming he (20)

kissy 1.5 progress
kissy 1.5 progresskissy 1.5 progress
kissy 1.5 progress
 
kissy at alibaba
kissy at alibabakissy at alibaba
kissy at alibaba
 
kissy modularization part2
kissy modularization part2kissy modularization part2
kissy modularization part2
 
kissy modularization part1
kissy modularization part1kissy modularization part1
kissy modularization part1
 
KISSY @ 2013-2
KISSY @ 2013-2KISSY @ 2013-2
KISSY @ 2013-2
 
KISSY 1.4.0 released
KISSY 1.4.0 releasedKISSY 1.4.0 released
KISSY 1.4.0 released
 
callSuper in kissy
callSuper in kissycallSuper in kissy
callSuper in kissy
 
KISSY XTemplate
KISSY XTemplateKISSY XTemplate
KISSY XTemplate
 
Introduction to kissy for adc 2013
Introduction to kissy for adc 2013Introduction to kissy for adc 2013
Introduction to kissy for adc 2013
 
Kissy component system
Kissy component systemKissy component system
Kissy component system
 
KISSY@2013.05
KISSY@2013.05KISSY@2013.05
KISSY@2013.05
 
kissy@2013.03
kissy@2013.03 kissy@2013.03
kissy@2013.03
 
kissy@2013
kissy@2013kissy@2013
kissy@2013
 
KISSY 1.3-released
KISSY 1.3-releasedKISSY 1.3-released
KISSY 1.3-released
 
Simple kissy1.3
Simple kissy1.3Simple kissy1.3
Simple kissy1.3
 
Hujs 总结
Hujs 总结Hujs 总结
Hujs 总结
 
Kissy in-progress
Kissy in-progressKissy in-progress
Kissy in-progress
 
Kissy dpl-practice
Kissy dpl-practiceKissy dpl-practice
Kissy dpl-practice
 
编辑器设计2
编辑器设计2编辑器设计2
编辑器设计2
 
KISSY Editor Design 2
KISSY Editor Design 2KISSY Editor Design 2
KISSY Editor Design 2
 

Recently uploaded

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 

Recently uploaded (20)

Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Caja "Ka-ha" Introduction

  • 2. Outline Background Caja Introduction Caja Internal Learn By Example
  • 5. DDOS Make requests to your server
  • 6. Expose all information See what it should not see
  • 7. Load viral script Can load any number viral scripts as it want
  • 8. Forge id Ask for information from user as your id
  • 9. Finnally Leak Send what it got to remote server
  • 10. So ?
  • 11. But
  • 12. Caja Comes HTML , CSS , JavaScript Security Object Capability Javascript Safe subset of javascript Related Microsoft Web Sandbox FBJS YAHOO! Adsafe
  • 14. YAP
  • 16. Object Capabilty Caja use object-capability security model
  • 17. What does it mean other callee caller Caller can call callee by reference Caller can not call other in global namespace
  • 18. How to get reference creation or introduction
  • 20. backend Rewrite source code to allow runtime check
  • 21. frontend Runtime check at browser Object properties descriptor enhance Global prevent Wrap native DOM Iframed isolation
  • 25. Simple example Sourcecode this.x=1;window.alert(2); Issues ?
  • 26. Compiled code: ___.loadModule({ 'instantiate':function(___, IMPORTS___){ vardis___ = IMPORTS___; varmoduleResult___, x0___; moduleResult___ = ___.NO_RESULT; dis___.x_w___ ===dis___?(dis___.x= 1):dis___.w___('x', 1); moduleResult___ =(x0___ =IMPORTS___.window_v___?IMPORTS___.window: ___.ri(IMPORTS___,'window'), x0___.alert_m___? x0___.alert(2): x0___.m___('alert',[ 2 ])); returnmoduleResult___; },
  • 27. Little note IMPORTS__ : runtime environment *_w__ : whether allowed to write w__ : intercept writing v__ : intercept getting *_m__ : whether allowed to call method m__ : intercept method
  • 28. DOM example Source code document.body.style=‘color:red’; Issues ?
  • 29. compiled vardis___ = IMPORTS___; varmoduleResult___, x0___, x1___; moduleResult___ = ___.NO_RESULT; moduleResult___ =(x1___ =(x0___ =IMPORTS___.document_v___? IMPORTS___.document: ___.ri(IMPORTS___,'document'), x0___.body_v___? x0___.body: x0___.v___('body')), x1___.style_w___ === x1___?(x1___.style ='color:red'): x1___.w___('style', 'color:red')); returnmoduleResult___;
  • 30. Import KISSY Inject KISSY into IMPORT__ Source: KISSY.DOM.addClass(el,"x");
  • 31. compiled vardis___ = IMPORTS___; varmoduleResult___, x0___, x1___, x2___; moduleResult___ = ___.NO_RESULT; moduleResult___ =(x1___ =(x0___ =IMPORTS___.KISSY_v___? IMPORTS___.KISSY: ___.ri(IMPORTS___,'KISSY'), x0___.DOM_v___? x0___.DOM: x0___.v___('DOM')), x2___ =IMPORTS___.el_v___? IMPORTS___.el: ___.ri(IMPORTS___,'el'), x1___.addClass_m___? x1___.addClass(x2___,'x'): x1___.m___('addClass',[ x2___,'x'])); returnmoduleResult___;
  • 32. How Tell IMPORTS__ to recognize KISSY.DOM.addClass as a function frameGroup.makeES5Frame(document.getElementById("theGadget2"), {/* Grant this gadget no network access */}, function(frame){ // Load and run the gadget frame.contentCajoled(code) .run({ KISSY:frameGroup.tame({ DOM:frameGroup.markFunction(function(){}) }) }); });
  • 33. Import others Class : Anim Instance method : Anim.proto.run Class : EventObject Intance member : EventObject.proto.target …etc
  • 34. Demo
  • 35. Refer Caja http://code.google.com/p/google-caja/ YAP http://developer.yahoo.com/yap/guide/caja-support.html http://developer.yahoo.com/yap/guide/what-are-cajas-limitations.html TAOBAO SHOP http://shopxxx.taobao.com