Attack on a string created by a developer
Go and Java have "compile time constants", and JavaScript will soon get a feature that allows "Distinguishing strings from a trusted developer from strings that may be attacker controlled" via isTemplateObject.
These al… Continue reading Attack on a string created by a developer