@emartinez-usgs
Created October 1, 2014 20:26
Simplified example showing the potential dangers of using "this" in JavaScript.
// Example 1 — baseline. A prototype method reaches its data through `this`,
// and that only works because the call site below invokes it as a method
// on the instance (`myInstance.say()`), which makes `this` the instance.
var MyClass = function (message) {
  // Populated on the freshly created object only when invoked via `new`.
  this.message = message;
};

MyClass.prototype.say = function () {
  // `this` is whatever receiver the caller supplies; the method has no way
  // to check that it is actually a MyClass instance.
  var text = this.message;
  console.log(text);
};

var myInstance = new MyClass('hello');
// Called as a method on the instance, so `this` === myInstance → logs "hello".
myInstance.say();
// Example 2 — losing the receiver. Same class as before; the only change is
// how say() is invoked at the bottom.
var MyClass = function (message) {
  this.message = message;
};
MyClass.prototype.say = function () {
  // Reads through `this`; nothing here verifies that `this` is a MyClass.
  console.log(this.message);
};
// In a sloppy-mode (non-strict, non-module) script a top-level `var` becomes
// a property of the global object, so this value is reachable as
// `this.message` whenever `this` happens to be the global object.
var message = 'Hacked!';
var myInstance = new MyClass('hello');
// `.call()` with no receiver: sloppy mode substitutes the global object for
// `this`, so this logs 'Hacked!' instead of 'hello'. In strict mode (which
// includes ES modules) `this` would be undefined here and the property access
// would throw a TypeError rather than read the global.
myInstance.say.call();
// Example 3 — losing the receiver, one hop deeper. say() now finds its helper
// through `this` as well, so a wrong receiver swaps the helper, not just the
// data.
var MyClass = function (message) {
  this.message = message;
};
MyClass.prototype.getMessage = function () {
  return this.message;
};
MyClass.prototype.say = function () {
  // Two `this`-dependent lookups: first to locate getMessage, then inside it.
  console.log(this.getMessage());
};
// Both top-level `var`s become properties of the global object in a
// sloppy-mode script, so they are visible as `this.message` and
// `this.getMessage` whenever `this` is the global object.
var message = 'Hacked!';
var getMessage = function () {
  return 'Hacked Super Hardcore!';
};
var myInstance = new MyClass('hello');
// No receiver → sloppy mode makes `this` the global object, so
// `this.getMessage` resolves to the global function above and
// 'Hacked Super Hardcore!' is logged; `message` is never consulted on this
// path. In strict mode / ES modules `this` is undefined and this throws.
myInstance.say.call();
// Example 4 — an attacker-shaped receiver. Unlike the previous two examples
// this does not rely on the sloppy-mode global fallback: the caller hands
// say() an explicit receiver, and `this`-based dispatch does the rest.
var MyClass = function (message) {
  this.message = message;
};

MyClass.prototype.getMessage = function () {
  return this.message;
};

MyClass.prototype.say = function () {
  // Late-bound lookup: whichever object is `this` at call time supplies
  // getMessage, so the receiver — not MyClass — decides what runs here.
  var lookup = this.getMessage;
  console.log(lookup.call(this));
};

// A receiver built by the caller. Because say() dispatches through `this`,
// passing this object as the receiver runs its methods in MyClass's name.
var xss = {
  getMessage: function () {
    var self = this;
    self.maliciousActOne();
    self.maliciousActTwo();
    self.maliciousActThree();
    return 'Mwahahaha!';
  },
  maliciousActOne: function () {
    console.log('I am');
  },
  maliciousActTwo: function () {
    console.log('so very');
  },
  maliciousActThree: function () {
    console.log('malicious.');
  }
};

var myInstance = new MyClass('hello');
// Explicit receiver swap via Function.prototype.call: logs the three lines
// above and then 'Mwahahaha!' rather than 'hello'. Works in strict mode too,
// since no global-object fallback is involved this time.
myInstance.say.call(xss);
// Example 5 — the fix. State and methods live in the constructor's closure
// rather than on `this`, so whatever receiver a caller supplies (via `.call`,
// `.apply`, or by detaching the method) cannot redirect what say() or
// getMessage() operate on.
// Note: this is a robustness pattern rather than a security boundary — a
// caller able to invoke say.call(...) is already running code in the same
// realm. It is what protects you from accidental receiver loss, e.g. passing
// `instance.say` as a callback.
var MyClass = function (message) {
  // Private state, reachable only through the closures below.
  var _message = message;

  var getMessage = function () {
    return _message;
  };

  var say = function () {
    // Calls the closure directly instead of `this.getMessage()`, so any
    // receiver the caller supplies is simply ignored.
    console.log(getMessage());
  };

  // Public surface. Called without `new`; the literal is the instance.
  return {
    getMessage: getMessage,
    say: say
  };
};

// Same attacker-shaped receiver as in the previous example. Its getMessage
// is never reached here because say() no longer dispatches through `this`.
var xss = {
  getMessage: function () {
    this.maliciousActOne();
    this.maliciousActTwo();
    this.maliciousActThree();
    return 'Mwahahaha!';
  },
  maliciousActOne: function () { console.log('I am'); },
  maliciousActTwo: function () { console.log('so very'); },
  maliciousActThree: function () { console.log('malicious.'); }
};

var myInstance = MyClass('hello');
// Same receiver swap as before; now logs 'hello'.
myInstance.say.call(xss);