PoC:
(function(){confirm(1)})()
When the web page has only JS content, it may result in code execution. (It shouldn't be executed when browsing a single JS file without any HTML tag.)
I discovered the insecure code in https://github.com/zxlie/FeHelper/blob/master/apps/json-format/automatic.js, lines 199 to 206.
Additionally, I understand the code is made compatible with bad JSON content like {a:1}, but as a result, it's insecure.
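
An added example, not FeHelper's code and not part of the report: one way to accept relaxed input such as {a:1} as data only, by rewriting bare keys to quoted strings and passing the result to JSON.parse, so text like the PoC fails as a syntax error. It assumes the lenient path would otherwise evaluate page text as script; the names quoteBareKeys and parseLenient are hypothetical.

```javascript
// Added example: tolerate bare object keys like {a:1} without evaluating input.
// quoteBareKeys and parseLenient are hypothetical names, not FeHelper functions.
const BARE_KEY = /[A-Za-z_$][\w$]*(?=\s*:)/y; // identifier directly before ':'

function quoteBareKeys(text) {
  let out = "";
  let i = 0;
  let expectKey = false; // true just after '{' or ',', where a key may start
  while (i < text.length) {
    const ch = text[i];
    if (ch === '"') {
      // Copy a double-quoted string verbatim, skipping escaped characters.
      let j = i + 1;
      while (j < text.length && text[j] !== '"') j += text[j] === "\\" ? 2 : 1;
      out += text.slice(i, j + 1);
      i = j + 1;
      expectKey = false;
      continue;
    }
    if (expectKey) {
      BARE_KEY.lastIndex = i;
      const m = BARE_KEY.exec(text);
      if (m) {
        out += JSON.stringify(m[0]); // emit the key as a JSON string
        i += m[0].length;
        expectKey = false;
        continue;
      }
    }
    if (ch === "{" || ch === ",") expectKey = true;
    else if (!/\s/.test(ch)) expectKey = false;
    out += ch;
    i++;
  }
  return out;
}

// Data-only parse: input that is still not JSON after key quoting is rejected,
// never executed.
function parseLenient(text) {
  try {
    return { ok: true, value: JSON.parse(quoteBareKeys(text)) };
  } catch (err) {
    return { ok: false, value: null };
  }
}

// Constructed sample inputs: relaxed JSON, then the PoC text from the report.
console.log(parseLenient("{a:1}"));
console.log(parseLenient("(function(){confirm(1)})()"));
```

Single-quoted strings, comments and trailing commas are out of scope here and are rejected rather than guessed at.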