
@milankinen
Created December 2, 2015 08:35
injection #1
// bundle entry point (built to /public/bundle.js)
const he = require("he")
// The server embeds the state as HTML-escaped JSON. innerHTML of a <script>
// element returns its raw text, so the entities must be decoded before parsing.
const initial = JSON.parse(he.unescape(document.getElementById("state").innerHTML))
console.log(initial)

// server entry point
const express = require("express")
const React = require("react") // JSX below compiles to React.createElement
const he = require("he")
const {renderToStaticMarkup} = require("react-dom/server")
const app = express()

const page = state =>
  <html>
    <head>
      <title>evil</title>
    </head>
    <body>
      <div id="app" />
      {/* HTML-escape the serialized state so a value containing "</script>" cannot end the element early */}
      <script id="state" type="application/json" dangerouslySetInnerHTML={{__html: he.escape(JSON.stringify(state))}}/>
      <script type="text/javascript" src="/public/bundle.js" />
    </body>
  </html>

app.get("/", (req, res) => {
  // state whose keys and values both try to break out of the script element
  const EVIL_MOLLYLLA = {
    "foo": "<script>alert('lol')</script>",
    "<script>alert('bal')</script>": "tsers"
  }
  res.set("Content-Type", "text/html")
  res.send(renderToStaticMarkup(page(EVIL_MOLLYLLA)))
})

app.listen(3000)
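Added example (not part of the gist) showing why the escape step matters: the same state serialized raw versus HTML-escaped, a check for the `</script` sequence that would terminate the script element early, and the client-side round-trip. `escapeHtml`/`unescapeHtml` are minimal stand-ins written here for `he.escape`/`he.unescape` (assumption: they cover the same characters the gist relies on).

```javascript
// Minimal stand-ins for he.escape / he.unescape (assumption: same characters).
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
const REVERSE = Object.fromEntries(Object.entries(ENTITIES).map(([c, e]) => [e, c]));

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ENTITIES[c]);
}

function unescapeHtml(s) {
  // Single pass: each entity is replaced once, so "&amp;lt;" becomes "&lt;", not "<".
  return s.replace(/&(?:amp|lt|gt|quot|#x27);/g, e => REVERSE[e]);
}

// Server side, mirroring the gist's page(): state goes into a JSON script tag.
function stateScript(state, escape = escapeHtml) {
  return `<script id="state" type="application/json">${escape(JSON.stringify(state))}</script>`;
}

// Client side, mirroring the bundle entry point: innerHTML of a <script> is raw
// text, so entities survive and must be decoded before JSON.parse.
function readState(scriptBody) {
  return JSON.parse(unescapeHtml(scriptBody));
}

// The HTML tokenizer ends script text at "</script" (case-insensitive), so any
// occurrence inside the element body lets the payload terminate it early.
function hasScriptBreakout(inner) {
  return /<\/script/i.test(inner);
}

// Constructed payload with the same shape as the gist's EVIL_MOLLYLLA.
const EVIL = { foo: "<script>alert('lol')</script>", "<script>alert('bal')</script>": "tsers" };

// Body of the script element (text between the opening tag and the final close).
function innerOf(tag) {
  return tag.slice(tag.indexOf(">") + 1, tag.lastIndexOf("</script>"));
}

function demo() {
  const unsafe = stateScript(EVIL, s => s); // raw JSON.stringify output
  const safe = stateScript(EVIL);           // HTML-escaped output
  return {
    unsafeBreaksOut: hasScriptBreakout(innerOf(unsafe)), // true
    safeBreaksOut: hasScriptBreakout(innerOf(safe)),     // false
    roundTrip: JSON.stringify(readState(innerOf(safe))) === JSON.stringify(EVIL), // true
  };
}

console.log(demo());
```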