15 lines
656 B
Plaintext
==== Loose typing
Because JavaScript is loosely typed, extra care is needed when accepting
user-controlled parameters. Several methods commonly used while processing or
sanitizing untrusted input accept both a single value and an array of values,
and they behave differently for each.
For example, `Array.prototype.concat` accepts arrays as arguments and appends
each of their elements to the result, rather than appending the array itself
as a single element. If an untrusted parameter is an array where a single
string was expected (many query-string and body parsers produce an array for a
repeated key), using `concat` to build a command argument list lets an attacker
append arbitrary extra arguments, since every array element becomes a separate
argument.
It is therefore essential to check the type of untrusted parameters before
processing them: a value expected to be a string must really be a primitive
string, and anything else should be rejected rather than coerced.