You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Within the KLIPSE boxes at the blog post announcing secure mode, it's still possible to run e.g. the following Javascript snippets, exposing things secure mode is trying to hide:
this.documentthis.eval("1+2")
Even HTTP requests can be triggered:
varmakeXhr=this.Function("return new XMLHttpRequest()");varxhr=makeXhr.call(this);
...
All this is possible because this is bound to window.
The text was updated successfully, but these errors were encountered:
Within the KLIPSE boxes at the blog post announcing secure mode, it's still possible to run e.g. the following Javascript snippets, exposing things secure mode is trying to hide:
Even HTTP requests can be triggered:
All this is possible because
this
is bound towindow
.The text was updated successfully, but these errors were encountered: