Skip to content

Commit 402e56d

Browse files
committed
Merge branch 'update-defensive-conding'
2 parents eb33e14 + 82f3935 commit 402e56d

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

defensive-coding/exercise/attacks/attack5.js

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,14 @@ export const attack = (authzManager, success) => {
44
const stolenAcc = args[0]({}, { url: "z", headers: {} }, 0);
55
success(stolenAcc["z"]);
66
return {};
7+
} else if (this === Array.prototype.includes) {
8+
success(thisArg);
9+
return true;
710
} else {
811
this.apply(thisArg, args);
912
}
1013
};
1114

1215
authzManager.authorizedFetch([]);
16+
authzManager.guessSecret('wrong')
1317
};

0 commit comments

Comments
 (0)