You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
XSSI attacks could potentially make source maps available to attackers by doing a direct script src to a source map after overriding the Array constructor. This can be effectively prevented by preprending a JavaScript syntax error to the start of the response.
Thus when delivering source maps over HTTP, servers may prepend a line starting with the string “)]}'” to the sourcemap. If the response starts with this string clients must ignore the first line.
Does this still carry relevancy in the current day and age and is this consistently being implemented? I haven't seen source maps actually being prefixed with that character sequence.
The text was updated successfully, but these errors were encountered:
The current spec has this in it:
Does this still carry relevancy in the current day and age and is this consistently being implemented? I haven't seen source maps actually being prefixed with that character sequence.
The text was updated successfully, but these errors were encountered: