Open korotin opened 7 years ago
Hello.
I assume double curly brackets used in AngularJS for data binding are worth adding to that list. If not escaped properly string like {{ blablabla }} may crash AngularJS app.
{{ blablabla }}
More on AngularJS syntax: https://docs.angularjs.org/guide/introduction
and maybe something like that : {{x = {'y':''.constructor.prototype}; x['y'].charAt=[].join;$eval('x=alert(1)');}}
{{x = {'y':''.constructor.prototype}; x['y'].charAt=[].join;$eval('x=alert(1)');}}
cf : https://finnwea.com/blog/stealing-passwords-from-mcdonalds-users
https://gist.github.com/mccabe615/cc92daaf368c9f5e15eda371728083a3
Hello.
I assume double curly brackets used in AngularJS for data binding are worth adding to that list. If not escaped properly string like
{{ blablabla }}
may crash AngularJS app.More on AngularJS syntax: https://docs.angularjs.org/guide/introduction