Bypass 002: Function("return this")()
d'oh!
#11
Comments
After a bit more convo with Stefano, it's not looking good to me, e.g. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function#Description says:
So not only is the window context leaked, but even if Not quite ready to wave the white flag, but I suspect this is gonna be a losing battle.
Welp, this one is too easy:
http://natevw.github.io/evel/challenge.html#Function(%22return%20this%22)()
Credit: https://twitter.com/wisecwisec/status/357861675782770689
Need to dive into the spec and figure out why Function breaks out of strict mode while eval doesn't — this could be intentional and if so we're ± hosed? We could pass in evel.Function as Function, but I suspect it's trivial to get the original back via primitives and any other exposed methods.
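The strict-mode difference raised in this issue, as an added example that is not part of the original thread or of evel's own code: in ECMAScript, code run by a direct eval inherits the caller's strictness, while a function built by the Function constructor is strict only if its own body begins with a "use strict" directive, and it is created in the global scope. The function names below are hypothetical, chosen here as regression checks a sandbox author could keep in a test suite.

```javascript
// Added example; all helper names are hypothetical and not part of evel.

// Strict caller + direct eval: the evaluated code inherits strictness,
// so a plain call inside it sees `this === undefined`.
function thisViaDirectEval() {
  "use strict";
  return eval("(function () { return this; })()");
}

// Strict caller + Function constructor: strictness of the new function
// depends only on its own body, so a plain call gets the global object.
function thisViaFunctionCtor() {
  "use strict";
  return Function("return this")();
}

// Same constructor, but the body carries its own directive.
function thisViaStrictBody() {
  "use strict";
  return Function('"use strict"; return this')();
}

// Passing a replacement in under the name `Function` only hides the
// identifier; the original stays reachable from any function's
// `constructor` property, so the check below still reports a leak.
function shadowedNameCheck() {
  "use strict";
  const Function = function () { throw new Error("blocked"); };
  let blocked = false;
  try { Function("return this")(); } catch (e) { blocked = true; }
  const viaProperty = (function () {}).constructor("return this")();
  return { blocked, leaked: viaProperty === globalThis };
}

// Summary used when running the file directly.
function summary() {
  return {
    directEvalLeaksGlobal: thisViaDirectEval() === globalThis,
    functionCtorLeaksGlobal: thisViaFunctionCtor() === globalThis,
    strictBodyLeaksGlobal: thisViaStrictBody() === globalThis,
    shadowing: shadowedNameCheck(),
  };
}

console.log(summary());
```
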