Hi all
I thought I'd share my AngularJS talk because it has a few js bugs/features.
Chrome allows you to call __lookupGetter__ in the context of window when called
as a general function, not as a member function.
There are also a load of getters now available on window, such as event, which
leads to a sandbox escape.
Firefox allows you to use __lookupGetter__ to get caller; no other browser does this.
There are many more quirks explained in the talk and blog.
Talk: http://youtu.be/jlSI5aVTEIg?a
Blog:
http://blog.portswigger.net/2017/05/dom-based-angularjs-sandbox-escapes.html
Slides:
https://portswigger.net/knowledgebase/papers/DOMAngularSandboxEscapes.pdf
Cheers
Gareth
_______________________________________________
es-discuss mailing list
[email protected]
https://mail.mozilla.org/listinfo/es-discuss