[bemurphy]

It's really unclear, but I think it's a loose reference to an older hack that involves patching javascript's Array to steal data when parsing JSON. The references to 'old array' and 'new array' in the screenshot seem to be the tipoff. This is my best guess at least.

See http://flask.pocoo.org/docs/security/#json-security for info. Most modern browsers don't let you patch Array like this anymore.

Also, that's more a csrf issue so, I could be totally wrong.