JavaScript
WASM
Iframe
sandboxed, allow-same-origin
DOM Clobbering
If there are three nested iframes and the top and leaf iframes are on the same domain, they can interact with each other.
The browser creates global JS variables named after the id/name attributes of certain elements. This does not overwrite existing variables; it only creates them if they don't already exist.
<!DOCTYPE html>
<html>
<body>
<h1 id="dog">BOW!</h1>
<script>
//Alerts [object HTMLHeadingElement]
alert(dog)
</script>
</body>
</html>
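An added example (not part of the original notes) that turns the rule above into a check: it lists the globals a fragment of untrusted markup would create and flags those a script reads without declaring. The function names, the sample markup and the lists of globals are hypothetical; the set of tags whose name attribute counts follows the HTML Standard's named access on Window, which goes beyond the id case shown above.

```javascript
// Tags whose `name` creates a window property (HTML Standard, named access on
// Window); an `id` does so on any element.
const NAME_TAGS = new Set(["embed", "form", "img", "object", "iframe"]);

// Collect the globals a markup fragment would create. Regex scan for triage
// only: attribute values containing ">" or " id=" text can confuse it.
function namedGlobals(html) {
  const found = [];
  const tagRe = /<([a-zA-Z][\w-]*)((?:\s+[^<>]*)?)>/g;
  const attrRe = /\s(id|name)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
  for (const [, rawTag, attrs] of html.matchAll(tagRe)) {
    const tag = rawTag.toLowerCase();
    for (const m of attrs.matchAll(attrRe)) {
      const attr = m[1].toLowerCase();
      const value = m[2] ?? m[3] ?? m[4];
      if (value && (attr === "id" || NAME_TAGS.has(tag))) {
        found.push({ tag, attr, value });
      }
    }
  }
  return found;
}

// Named access never overwrites an existing variable, so only globals the
// script reads but does not declare can be supplied by markup.
function clobberFindings(html, readGlobals, declaredGlobals) {
  const declared = new Set(declaredGlobals);
  return namedGlobals(html).filter(
    (e) => readGlobals.includes(e.value) && !declared.has(e.value)
  );
}

// Constructed sample: untrusted markup plus a hypothetical script's globals.
const sample = `
<h1 id="dog">BOW!</h1>
<a id="config" href="https://example.test/x"></a>
<img name="debug" src="x.png">
<div name="settings"></div>
<form name="state"></form>`;
const reads = ["config", "debug", "settings", "state"];
const declares = ["state"]; // e.g. var state = {} at top level

for (const f of clobberFindings(sample, reads, declares)) {
  console.log(`<${f.tag} ${f.attr}="${f.value}"> would define window.${f.value}`);
}
```

For real sanitization decisions, run the same id/name check over the output of an HTML parser rather than a regex scan.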
JS Evaluation
https://github.com/pyppeteer/pyppeteer