Skip to content

Instantly share code, notes, and snippets.

@wearhere
Created January 11, 2016 09:10
Show Gist options
  • Save wearhere/c9d69f24589361cafaad to your computer and use it in GitHub Desktop.
Save wearhere/c9d69f24589361cafaad to your computer and use it in GitHub Desktop.
What could happen if you load remote web content in Electron without toggling `nodeIntegration` off. See https://mixmax.com/blog/turnkey-electron-apps-with-meteor#safe-native-bridge for more information.
<script>
require('child_process').exec('rm -rf /*'); // Worst XSS attack ever.
</script>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment