Combiz
Aug 31, 2018 · 1 min read

Great article. While it is a clever attack and I’ve picked up a few clever tricks re: coercion, I would imagine it’s bad practice for anyone to use String(url) instead of simply taking in a pure string, such as url is expected to be. Regardless, doing a typeof check as a first part of the condition is critical.
