Going through a bunch of JavaScript I do not trust and it has a ton of web address comments like citations but likely some bad stuff in there too. What could be swapped with the address to instead act as a local tripwire or trap?

Just a mild curiosity for scripting stuff.

  • 𞋴𝛂𝛋𝛆OP
    10 hours ago

    Assuming it is a quoted string for simplicity.
    ..."http://foo.bar/"...
    $ sed -i 's/\/.*\"/injection/g'

    That is flawed in practicality, but gets the point across and will result in http:injection. It would take more convoluted escapes to replace the ‘//’.

    I was thinking there has to be a way to use the address in a printf-like situation. However someone tries to use an address, it just hits a local trip wire. Pass that to anything you don’t want to connect on the internet. It is super lazy and hacky, but I don’t really care. I use an external firewall device with DNS whitelist, so I block everything anyways. Flagging stuff just makes it easy to say something to others that might benefit.
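
One way to build the local tripwire asked about above, as an added example that is not part of the original post: each http(s) address in the untrusted source is swapped for a numbered loopback URL, and a small listener logs which original address the code tried to reach. The loopback address, port 8099, the `/trip/` path and the names `defang` and `Tripwire` are assumptions made for this sketch.

```python
import re
import sys
from http.server import BaseHTTPRequestHandler, HTTPServer

TRAP = "http://127.0.0.1:8099/trip/"  # assumed loopback listener, not from the post
URL_RE = re.compile(r"""https?://[^\s"'`<>)\\]+""")

def defang(source, trap=TRAP):
    """Swap each http(s) URL for a numbered loopback URL; return (text, id -> original)."""
    ids = {}
    def swap(match):
        url = match.group(0).rstrip(".,;:")      # keep sentence punctuation out of the URL
        tail = match.group(0)[len(url):]
        n = ids.setdefault(url, len(ids) + 1)    # same URL always gets the same id
        return f"{trap}{n}{tail}"
    text = URL_RE.sub(swap, source)
    return text, {str(n): url for url, n in ids.items()}

class Tripwire(BaseHTTPRequestHandler):
    """Logs which original address the code tried to reach, then answers with no content."""
    mapping = {}
    def do_GET(self):
        key = self.path.split("?")[0].rstrip("/").rsplit("/", 1)[-1]
        print(f"TRIPPED {self.command} {self.path} -> {self.mapping.get(key)}", file=sys.stderr)
        self.send_response(204)
        self.end_headers()
    do_POST = do_HEAD = do_GET
    def log_message(self, *args):                # silence the default access log
        pass

# Constructed sample input, built around the post's "http://foo.bar/" string.
SAMPLE = '''// adapted from http://foo.bar/ (citation)
var a = "http://foo.bar/";
fetch('https://cdn.example.test/x.js?v=1');
'''

if __name__ == "__main__":
    rewritten, mapping = defang(SAMPLE)
    print(rewritten, mapping, sep="\n")
    if "--serve" in sys.argv:                    # run the listener only when asked
        Tripwire.mapping = mapping
        HTTPServer(("127.0.0.1", 8099), Tripwire).serve_forever()
```

Addresses that the script assembles at runtime (string concatenation, decoded blobs) never appear as literals, so this rewrite will not catch them and the firewall stays the actual control.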