Extends expression performs differently on Edge
Gareth Heyes
gareth.heyes at portswigger.net
Fri May 26 07:57:24 UTC 2017
```javascript
class y{}class z{}
class x extends y, z{}/alert(1)/+alert(2)
```
Edge seems to allow non-standard syntax here. I guess to allow you to
extend multiple classes but as far as I'm aware this is non-standard
syntax. The code above calls alert(2), if you change it to a class
expression both alerts are called. It's a syntax error on other browsers.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20170526/abccb149/attachment.html>
More information about the es-discuss
mailing list