Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
A SecureContext strawman
# This is Ruby right? We abuse dynamic scope for everything do
# NO
eval "`rm -rf /`"
# NO
system "rm -rf /"
# NO
alias_method :loleval, :eval
loleval "`rm -rf /`"
# NO
passw3rdz ="/etc/passwd")
# NO
l33t_pip3z = IO.pipe
# NO"`rm -rf /")
# NO
class HaxorShiz; end
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment