this post was submitted on 11 Sep 2023
10 points (63.2% liked)
linuxmasterrace
2051 readers
1 users here now
A community for Linux enthusiasts.
May your htop stats be low and your beard grow long
Welcome to !linuxmasterrace@feddit.de former r/linuxmasterrace members and existing Lemmyverse citizens: Feel free to join the newly created !linuxmasterrace@feddit.de community.
Let’s make the full transition to the decentralized Fediverse!
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Drive your web dev nuts and use [object Object] as user name
Hello Satan.
OK, I guess it's some sort of sql injection, but what does that actually does?
Not really - a SQL Injektion would be naming my user
user"; DROP TABLE USERS;--
or something like that.My string is harmless but might scare web devs: How often do you see pseudocode like this?
Usually this should print
User @someone@example.com logged on
as the variable content gets converted to a string. But if the variable is not a simple datatype like string, but a complex one, there might be errors. If you do the concatenation above with an object instead of a string, this would only printUser [object Object] logged on
. Now when the web dev sees this line he's going to try to find the Bug, where this variable gets set to the wrong value/type, when in reality it's just your carefully crafted user name.Ah thanks.
Its the String representation of a Object.
If you open your Browser and hit F12, go to the console and type
console.log(""+{})
you get an Object {} converted to a string by joining it with another empty string.Javascript