(window as any).global = window;

About

Asked 7/6, 2018 at 6:36 Answered 7/6, 2018 at 8:24

angular typescript csrf-protection polyfills

I am new in typescript, and I have used on global var in polyfill.js

(window as any).global = window;

So with security or XSS purpose is it vulnerable to use. Or should I remove to find another route? Thanks, techies.

Cinerarium answered 7/6, 2018 at 6:36 Comment(3)

Why would set the value of window to window.global ? What is the purpose of this ? – Felder 7/6, 2018 at 6:38

Some libraries depend on this global. It's a common polyfill that I believe was even included by default in Angular 5, but no longer in 6. – Inopportune 7/6, 2018 at 6:53

Yes @IngoBürk you are correct I have done the same to add in the polyfills.js file. – Cinerarium 8/6, 2018 at 9:1

Given that global is set to the same value as window and window is still available if you remove global - global provides no additional means for XSS / security issues than is already available from window itself.

So if your question is whether (window as any).global = window; creates some new opportunity for a cross-site scripting attack; it doesn't.

Cardboard answered 7/6, 2018 at 8:24 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags