-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bypass 003: Recursive eval #14
Comments
the |
Hmmm, this is a tough one |
Confirmed that this was always an issue (since 43353b2 anyway) and is still fixed after my latest cleanup. Surprised I missed this originally. What was happening here I think is explained by MDN's strict mode documentation:
This bypass does the opposite: by invoking eval in a different form it avoids strict mode, which is a big no-no for our purposes as you demonstrated. You can see this also via So I think replacing |
Heh, hunting these down sure is fun.
http://natevw.github.io/evel/challenge.html#eval('eval')('this')
The text was updated successfully, but these errors were encountered: