n

bracket-dot-notation-security

public

1 stars

0 forks

0 issues

Commits

List of commits on branch master.

Unverified

16b74a8ecbb969bede8aa8bf86a0b1744e9b2ee0

Initial commit ☀️

nnewyork-anthonyng committed 6 years ago

README

The README file for this repository.

Security: Bracket notation versus Dot notation

This demo project shows the security differences between bracket notation and dot notation in JavaScript.

Getting started

npm install

npm run start

🚨 Dot notation

Navigate to http://localhost:8000/dot?name=a,alert("hi").

The /dot route uses dot notation. Notice how it runs arbitrary JavaScript.

✅ Bracket notation

Navigate to http://localhost:8000/bracket?name=a,alert("hi").

The /bracket route uses bracket notation. Notice how it does not run arbitrary JavaScript.