Jacomo Rodriguez
Sep 4, 2018 · 1 min read

Nice writeup about the standard prototype functions, but this attack description… seems a bit far-fetched… some questions here:
* how will the attacker be able to pass a constructed js object to our function?
* will he use the function itself in his code — he then could simply change the function itself, and we would be stupid to have our security there
* do we eval passed in javascript code… then this attack vector is our last concern
* why should we use String(url)… we would just use url
