Comment escape allows code execution

acidbubbles / vam-scripter

A scripting language inside Virt-A-Mate, so you can write code within plugins!

GNU General Public License v3.0

12 stars 2 forks source link

Open boscap opened 4 months ago

boscap commented 4 months ago

If you're using the / / comment style and add an extra * it will escape the comment check and parse the code as normal for example:

/** let x = 1;console.log("x = 1");/* */

boscap commented 4 months ago

Looks like /* / also fails

/* / console.log("this will get printed"); /**/