Evaluating the Differences: Direct vs Indirect Eval with DOM Invader

Original Post: DOM Invader and the case of direct eval vs indirect eval | Blog

DOM Invader is a browser extension that helps find DOM-based XSS by instrumenting JavaScript functions. The original post explains the difference between direct and indirect calls to the eval function: a direct call can access locally scoped variables, while an indirect call is evaluated in the global scope and sees only global variables. Indirect eval calls can cause exceptions in some cases, which can be fixed by preventing DOM Invader from instrumenting the eval function. Instructions on customizing sources and sinks are provided in the documentation.
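The scoping difference described above, as an added example that is not code from the original post or from DOM Invader. `instrumentedEval`, `runWith`, the page functions and all sample values are hypothetical and constructed for illustration; the wrapper is a generic stand-in for sink instrumentation, not DOM Invader's implementation.

```javascript
// Added example: shows why wrapping eval changes page behaviour.
const realEval = globalThis.eval;
const sinkLog = [];

// Page-style code that relies on direct eval reading a local variable.
function pageCodeLocal() {
  const localConfig = "from-local-scope"; // constructed sample value
  return eval("localConfig");
}

// Page-style code that only needs a global, so either call form works.
globalThis.sharedConfig = "from-global-scope"; // constructed sample value
function pageCodeGlobal() {
  return eval("sharedConfig");
}

// Hypothetical instrumentation: record the sink argument, then forward it.
// The forwarded call goes through a reference that is not the identifier
// `eval`, so it is an indirect eval and runs in the global scope.
function instrumentedEval(code) {
  sinkLog.push(String(code));
  return realEval(code);
}

// Install an eval implementation, run the page code, always restore.
function runWith(evalImpl, pageFn) {
  globalThis.eval = evalImpl;
  try {
    return { ok: true, value: pageFn() };
  } catch (err) {
    return { ok: false, error: err.name };
  } finally {
    globalThis.eval = realEval;
  }
}

// Not instrumented: the call stays direct and sees localConfig.
const direct = runWith(realEval, pageCodeLocal);
// Instrumented: the same page code now throws, localConfig is not global.
const wrappedLocal = runWith(instrumentedEval, pageCodeLocal);
// Instrumented, but the code only touches a global, so it still works.
const wrappedGlobal = runWith(instrumentedEval, pageCodeGlobal);

console.log({ direct, wrappedLocal, wrappedGlobal, sinkLog });
```

The first result corresponds to the fix the post describes: with eval left uninstrumented, the page's direct call keeps its local scope.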
