by goldenkey
3655 days ago
Actually it's much worse, it's the equivalent of calling a function that ends up doing something totally different than you thought it would. Very reminiscent of a web bug that has since been blocked by newer browsers: parsing JSON data that ends up using a constructor redefinition exploit to execute arbitrary JS. Pretty much this: http://www.thespanner.co.uk/2011/05/30/json-hijacking/