Add script-src test cases for ES6 Reflect API (unsafe-eval)

web-platform-tests / wpt

Test suites for Web platform specs — including WHATWG, W3C, and others

https://web-platform-tests.org/

Other

4.91k stars 3.06k forks source link

Open hillbrad opened 9 years ago

hillbrad commented 9 years ago

FF 42 supports the ES6 Reflect API. New DOMXSS sink: Reflect.set(location, 'href', 'javascript:alert(1)') https://t.co/lHFWLJzRC6

foolip commented 5 years ago

@hillbrad, this issue has been inactive for 3 years. Do you still plan to work on it?