Hacker News new | past | comments | ask | show | jobs | submit login
Assignment via `;` in Safari (twitter.com/rreverser)
23 points by adregan on Aug 30, 2017 | hide | past | favorite | 2 comments



I might be missing a step here... but how does that lead to a new XSS attack?


It could cause some very strange behavior in minified code. JS allows chained assignment like so:

a = b = c = 4

Is totally valid, and assigns 4 to all three variables. It could cause all sorts of undefined behavior, and plenty of interesting, almost undetectable obfuscation. XSS is just the tip of the iceberg.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: