The Perils of JavaScript Objects

A few days ago I was desperately trying to solve a bug which made no sense. In most circumstances everything worked fine, but then when you added more data, everything broke. Steven eventually discovered it was because I was overriding my JavaScript object’s length attribute causing problems when trying to loop over every element in the object.

JavaScript objects are essentially the same as dictionaries. To access attribute foo, you can either do or obj[‘foo’]. For my word cloud visualisation in Webscavator (post coming soon about that) I populate a Python dictionary with the key being the word in the tag cloud, and the values being a tuple of useful things such as phrases the word appears in, amount of appearances etc. This gets JSON-ified and passed via AJAX to the page. The JavaScript then loops through this object/dictionary and displays my word cloud.

The problem is length is one of the words in the word cloud, i.e. a key for the dictionary. obj.length no longer returned the length of the object, but the tuple of things I made in Python! jQuery happily looped over the attributes in the object when length was not a dictionary key, but fell over when it did. The crude solution is to append each keyword with a ‘_’ and then remove it when displaying it, so length becomes _length which causes no clashes.

I wonder if there are any exciting scripting vulnerabilities you could expose with this?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s