|
|
|
|
|
|
by void_starer
2904 days ago
|
|
|
> I've grepped my entire local code base for 'eval' and 'pastebin'; I seem to be fine. I don't know if I'm missing something, but couldn't they have easily called it indirectly like this: console.log(global["ev" + "al"]("40 + 2")); I tested it here: http://rextester.com/FEPVG53848 |
|
|