2 comments

[ 5.0 ms ] story [ 13.7 ms ] thread
I might be missing a step here... but how does that lead to a new XSS attack?
It could cause some very strange behavior in minified code. JS allows chained assignment like so:

a = b = c = 4

Is totally valid, and assigns 4 to all three variables. It could cause all sorts of undefined behavior, and plenty of interesting, almost undetectable obfuscation. XSS is just the tip of the iceberg.