oh nice can you exploit it?
@garethheyes I just figured out that you define undefined properties for unsandboxed names in object literals to make `a in b` work :D
-
-
-
no, as far as I can see, it works properly. well, except that e.g. `'XMLHttpRequest' in window` is true, but that's not a vuln
- 2 more replies
New conversation -
-
-
nice trick :D
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.