top | item 16463856

koto1sa | 8 years ago

That's a well-researched problem, and is common in most JavaScript frameworks. In practice it makes it harder to protect applications using them against XSS.

Check https://www.slideshare.net/mobile/x00mario/jsmvcomfg-to-ster... or script gadgets research https://github.com/google/security-research-pocs/blob/master... for a more complete overview of the issue.

Disclaimer: I'm one of the authors.

ghusbands | 8 years ago

I made the effort of reading those links to save others the effort. Neither of them is relevant to the vulnerability in the article.