GMail's while(1) demystified
Thursday, 18. May 2006, 13:12:28
GMail adds while(1); to the top of their scripts when they send, for example, contact lists or e-mail texts embedded in JavaScript. Typically these scripts are requested with XMLHttpRequest and the first line is removed before the rest of the script is sent to eval(). If they didn't remove the while(1) it would of course create a never-ending loop, hang the page and perhaps even the browser. So why do they add it in the first place?
Today the penny dropped: it's a subtle security feature. If I, on my evil home page, added a <script> element whose src pointed at a suitable GMail URL, I might manage to make GMail send ME your contact list: your browser attaches your GMail cookies to that request and evaluates whatever comes back as JavaScript inside my page. However, even if I manage that, I won't actually get to the data. The first statement to execute is the while(1), so I will simply hang your browser in the loop before the data is ever reached.
Clever. But I wonder how much security it actually adds..?
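To make the mechanism concrete, here is an added example (not GMail's own code) of the guard on both sides of the XMLHttpRequest exchange described above, plus a check of why a bare JSON array is loadable as a script in the first place. The function names, the GUARD constant and the sample contact list are assumptions made for illustration.

```javascript
// Added example, not GMail's code. The guard string, the function names
// and the contact list below are assumptions for illustration.
const GUARD = "while(1);";

// Server side: serialise the data and prepend the guard. Anything that
// loads this body as a <script src=...> executes the while(1) first and
// hangs before the array literal is ever evaluated.
function guardJson(value) {
  return GUARD + JSON.stringify(value);
}

// Client side: the legitimate page fetched the body with XMLHttpRequest,
// so it holds the raw text and can strip the guard before parsing.
// A body without the guard is refused rather than parsed: it is either
// not our server's response or it arrived through a path we did not intend.
function unguardJson(body) {
  if (!body.startsWith(GUARD)) {
    throw new Error("response is missing the while(1); guard");
  }
  // JSON.parse instead of eval(): eval() of the tail would also execute
  // any script that found its way into the response.
  return JSON.parse(body.slice(GUARD.length));
}

// Does this body parse as a JavaScript program? If it does, a cross-site
// <script src=...> would run it. The guard does not stop the body from
// parsing; it stops the data from ever being reached at run time.
// new Function() only compiles the text, it never executes it.
function parsesAsScript(body) {
  try {
    new Function(body);
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed sample standing in for GMail's real contact list.
const contacts = [
  { name: "Alice", email: "alice@example.com" },
  { name: "Bob", email: "bob@example.com" },
];

const wire = guardJson(contacts);
// wire === 'while(1);[{"name":"Alice",...}]'
// The legitimate client recovers the data; JSON.parse on the raw body fails.
const recovered = unguardJson(wire);
```

Two details worth noticing when running this: a top-level JSON array such as the contact list compiles as a program (parsesAsScript returns true), which is exactly why a <script> include can load it, while a top-level JSON object like {"a":1} does not (the braces parse as a block and the colon is a syntax error). The guard matters for the array case; the client, for its part, must strip it, because JSON.parse rejects the guarded body.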
At least in the context mentioned here: http://www.fortifysoftware.com/advisory.jsp
By dantesoft, # 4. April 2007, 21:46:24