robertino.calcaterra Auth0 Employee
Got any questions regarding the article?
Perhaps over-stressing the point, but all globals are vulnerable in the same manner as fetch in example #4.
> globalThis.Request = class BadRequest extends Request { constructor(...args) { super(...args); console.log('leaking secrets', args) } }
> const badRequest = new Request('https://foo.com?secret=xxxx')
[Log] leaking secrets – ["https://foo.com?secret=xxxx"] (1)
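
The comment above shows `Request` being replaced at runtime. As an added example that is not part of the original thread or the article, here is one defensive approach: snapshot the network-facing globals before any third-party script runs, pin the bindings, and audit them later. The helper names (`snapshotGlobals`, `lockGlobals`, `findTampered`) and the watched list are assumptions.

```javascript
// Added example (not from the thread). Helper names are hypothetical.
const WATCHED = ['fetch', 'Request', 'Response', 'Headers', 'XMLHttpRequest', 'WebSocket'];

// Record the current value of every watched global present on `target`.
// Must run before any third-party script has had a chance to patch them.
function snapshotGlobals(names = WATCHED, target = globalThis) {
  const snap = new Map();
  for (const name of names) {
    if (name in target) snap.set(name, target[name]);
  }
  return snap;
}

// Pin each snapshotted binding: non-writable and non-configurable, so a later
// `globalThis.Request = ...` or defineProperty call cannot swap it out.
// Returns the names that were locked successfully.
function lockGlobals(snap, target = globalThis) {
  const locked = [];
  for (const [name, value] of snap) {
    const ok = Reflect.defineProperty(target, name, {
      value, writable: false, configurable: false,
    });
    if (ok) locked.push(name);
  }
  return locked;
}

// Audit: names whose current value no longer matches the snapshot.
function findTampered(snap, target = globalThis) {
  return [...snap.keys()].filter((name) => target[name] !== snap.get(name));
}

// Constructed demo on a stand-in object so the real globals are left alone.
function demo() {
  const fakeGlobal = { Request: class Request {}, fetch() {} };
  const snap = snapshotGlobals(['fetch', 'Request'], fakeGlobal);
  const original = fakeGlobal.Request;
  fakeGlobal.Request = class BadRequest extends original {}; // the override from the comment
  const detected = findTampered(snap, fakeGlobal);
  fakeGlobal.Request = original;                             // restore, then pin
  lockGlobals(snap, fakeGlobal);
  const blocked = !Reflect.set(fakeGlobal, 'Request', class Evil {});
  return { detected, blocked, clean: findTampered(snap, fakeGlobal).length === 0 };
}

console.log(demo()); // { detected: [ 'Request' ], blocked: true, clean: true }
```

This only helps if it runs before untrusted code, and it pins the bindings on the global object, not the prototypes behind them (`Request.prototype` stays mutable unless frozen separately).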