| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <448e9a320907211615i62a019e8q9ba65504b8e336a9@mail.gmail.com> Date: Tue, 21 Jul 2009 16:15:26 -0700 From: Michal Zalewski <lcamtuf@...edump.cx> To: Thierry Zoller <Thierry@...ler.lu> Cc: info@...cl.etat.lu, vuln@...unia.com, cert@...t.org, full-disclosure <full-disclosure@...ts.grok.org.uk>, bugtraq <bugtraq@...urityfocus.com>, cve@...re.org, nvd@...t.gov Subject: Re: Update: [GSEC-TZO-44-2009] One bug to rule them all - Firefox, IE, Safari, Opera, Chrome, Seamonkey, iPhone, iPod, Wii, PS3.... > The W3C DOM specifies the select.length attribute to be *read only*. Does not seem to be the case in HTML5 at least? http://dev.w3.org/html5/spec/Overview.html#the-select-element In fact, it has the behavior for writes defined: "On setting, it must act like the attribute of the same name on the options collection." It may or may not have any practical uses (dynamic resizing of SELECTs without having to delete individual options). /mz _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists