Comment #16 on issue 248 by [email protected]: local var with same name
as function
http://code.google.com/p/google-caja/issues/detail?id=248
Ah, the arbitrary global issue, right. Thanks. So for the record, here is
how we could make ourselves vulnerable if we do this the wrong way. Assume
a host page uses jQuery, and some guest code is written as:

    try {
      throw function pwn() { };
    } catch ($) {
    }

If we proceed naively, guest code will have successfully overridden the
global '$' with their own function 'pwn'.
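
One way to check guest source for the pattern in the comment above before it runs, as an added example that is not part of the original comment or of Caja's own code. The host-global list, the function names and the sample inputs are assumptions made for illustration.

```javascript
// Added example: flag guest catch-clause parameters that collide with host globals.
// HOST_GLOBALS is an assumed list for a host page that uses jQuery.
const HOST_GLOBALS = new Set(['$', 'jQuery', 'window', 'document']);

// Blank out comments and string literals so text inside them is never taken
// for code. Regex literals and template strings are not handled; a real
// rewriter would walk a parsed AST instead of scanning text.
function stripNonCode(src) {
  return src.replace(
    /\/\/[^\n]*|\/\*[\s\S]*?\*\/|"(?:\\.|[^"\\\n])*"|'(?:\\.|[^'\\\n])*'/g,
    (m) => m.replace(/[^\n]/g, ' ') // keep offsets and line numbers stable
  );
}

// Return [{ name, line }] for each catch parameter named like a host global.
// The lookbehind skips method calls such as promise.catch($).
function findCatchCollisions(guestSrc, hostGlobals = HOST_GLOBALS) {
  const code = stripNonCode(guestSrc);
  const re = /(?<![.\w$])catch\s*\(\s*([A-Za-z_$][\w$]*)\s*\)/g;
  const hits = [];
  let m;
  while ((m = re.exec(code)) !== null) {
    if (hostGlobals.has(m[1])) {
      const line = code.slice(0, m.index).split('\n').length;
      hits.push({ name: m[1], line });
    }
  }
  return hits;
}

// Constructed guest samples: the snippet from the comment, and a benign one
// that only mentions the pattern inside a comment and a string.
const GUEST_BAD = 'try {\n  throw function pwn() { };\n} catch ($) {\n}\n';
const GUEST_OK =
  '// catch ($) in a comment\ntry { f(); } catch (e) { log("catch ($)"); }\n';

console.log(findCatchCollisions(GUEST_BAD)); // [ { name: '$', line: 3 } ]
console.log(findCatchCollisions(GUEST_OK));  // []
```

A non-empty result means the guest code should be rejected, or have its catch parameter renamed, before being handed to the host page.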