Source |
Veracode |
Identifier |
5943288 |
Publication date |
2022-07-19 12:40:39 (viewed: 2022-07-25 22:05:34) |
Title |
Yet Another Perspective on Prototype Pollution |
Text |
Prototypes
JavaScript is a programming language based on prototypes instead of classes. When a new object is created, the features of the prototype object are inherited – this includes arrays, functions, and even class definitions. The new object can also act as a template for other inheriting objects, transferring its properties, and creating the prototype chain. This object-based inheritance provides the flexibility and efficiency that web developers favor, yet this behavior opens applications to vulnerabilities via object manipulation.
JavaScript objects are easily manipulated via static methods as demonstrated in this blog post. So, when is a case of object manipulation considered to be prototype pollution?
Consider the following example of a constructor named Shape:
A new object instance of the Shape object is created using the keyword new.
The inheritance schema can be illustrated as such:
The following shows the prototype chain where the __proto__ property of the… |
Sent |
Yes |