arbitrary code execution when formatting json #63

Open
@hundan2020


poc:

(function(){confirm(1)})()


When the page contains only JS content, it may result in code execution. (It shouldn't be executed when browsing a single JS file without any HTML tag.)

I discovered the insecure code in https://github.com/zxlie/FeHelper/blob/master/apps/json-format/automatic.js , line 199 to line 206

Additionally, I understand the code is there for compatibility with bad JSON content like {a:1}, but as a result, it's insecure.
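Tolerating input such as {a:1} does not require evaluating the page text as script. The following is an added example, not FeHelper's code and not from the issue author: a small parser that accepts unquoted identifier keys on top of standard JSON and rejects everything else, including the PoC above. The name `parseLenient` is hypothetical.

```javascript
// Added example: tolerant JSON parsing without eval() or new Function().
// parseLenient is a hypothetical helper name, not FeHelper's API.
function parseLenient(text) {
  let i = 0;
  const fail = (what) => { throw new SyntaxError(`${what} at offset ${i}`); };
  const take = (re) => {            // re must be sticky (/y): match only at i
    re.lastIndex = i;
    const m = re.exec(text);
    if (m) i = re.lastIndex;
    return m && m[0];
  };
  const ws = () => take(/\s*/y);
  const expect = (ch) => { ws(); if (text[i] !== ch) fail(`expected '${ch}'`); i++; };
  const STRING = /"(?:[^"\\\u0000-\u001f]|\\.)*"/y;
  const SCALAR = /-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?|true|false|null/y;
  const IDENT = /[A-Za-z_$][\w$]*/y;   // the only leniency: bare keys like {a:1}

  function list(close, item) {         // comma-separated items up to `close`
    const out = [];
    ws();
    if (text[i] === close) { i++; return out; }
    do { out.push(item()); ws(); } while (text[i] === ',' && ++i);
    expect(close);
    return out;
  }
  function key() {
    ws();
    const quoted = take(STRING);
    return quoted ? JSON.parse(quoted) : (take(IDENT) || fail('expected key'));
  }
  function value() {
    ws();
    // Object.fromEntries defines own properties, so a "__proto__" key is just data.
    if (text[i] === '{') { i++; return Object.fromEntries(list('}', () => { const k = key(); expect(':'); return [k, value()]; })); }
    if (text[i] === '[') { i++; return list(']', value); }
    const tok = take(STRING) || take(SCALAR);
    if (tok === null) fail('unexpected token');
    return JSON.parse(tok);            // decode one literal with the strict parser
  }
  const result = value();
  ws();
  if (i !== text.length) fail('trailing data');
  return result;
}

// Constructed inputs: the lenient sample and the PoC quoted in this issue.
console.log(parseLenient('{a:1}'));
try { parseLenient('(function(){confirm(1)})()'); } catch (e) { console.log('rejected:', e.message); }
```

Function calls, parentheses and any other expression syntax are never interpreted; they only produce a `SyntaxError`, so the formatter can leave such pages untouched.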
