|
|
|
|
|
|
by whyonearth
2740 days ago
|
|
|
I certainly hope that isn't the intent, because there are other ways to generate network requests (new Image() and fetch(), for example). Sandboxing JS eval is a very hard problem and even Angular 1's "bulletproof" sandboxed template engine was repeatedly owned. I'd be wary of XSS on any site like this one. |
|
|