top | item 11257689 (no title)

jedschmidt | 10 years ago

Not _quite_ arbitrary; the only code run is that generated by lave. Arbitrary code present in functions is parsed, but not run.

conradev | 10 years ago

But if there is a persistence or network layer involved, when compromised, it could function as an injection vector into the application, right?

jedschmidt | 10 years ago

Sure, as it could with any part of your app, including wherever your JSON.parse code lives.