Aug 31, 2018 · 1 min read
Great article. While it is a clever attack and I’ve picked up a few clever tricks re: coercion, I would imagine it’s bad practice for anyone to use String(url) instead of simply taking in a pure string, such as url is expected to be. Regardless, doing a typeof check as the first part of the condition is critical.
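The point about checking typeof before coercing, as an added example (not code from the article or the commenter): a validator that calls String(url) accepts any object whose toString() produces an acceptable-looking string, while the typeof-first version rejects everything that is not already a primitive string. The allowed origin and the sample inputs are constructed for the example.

```javascript
// Added example: why a typeof check belongs before any String() coercion.
// ALLOWED_ORIGIN is a constructed sample value, not from the original page.
const ALLOWED_ORIGIN = "https://example.com";

// Weak form: coerces first, so a non-string with a custom toString() passes
// as long as its string form has the expected prefix.
function isAllowedUrlWeak(url) {
  const s = String(url);
  return s.startsWith(ALLOWED_ORIGIN + "/");
}

// Hardened form: refuse anything that is not a primitive string, then
// compare the parsed origin instead of a string prefix.
function isAllowedUrlStrict(url) {
  if (typeof url !== "string") return false;
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // not a parseable absolute URL
  }
  return parsed.origin === ALLOWED_ORIGIN;
}

// Constructed inputs: a plain string and a non-string that coerces to one.
const plainUrl = "https://example.com/path";
const coercible = { toString() { return "https://example.com/path"; } };

console.log(isAllowedUrlWeak(coercible));   // true: object accepted
console.log(isAllowedUrlStrict(coercible)); // false: typeof check rejects it
```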
