6

I am new to TypeScript, and I have used one global var in polyfill.js:

`(window as any).global = window;`

So, from a security or XSS standpoint, is it vulnerable to use? Or should I remove it and find another route? Thanks, techies.

Anupam Maurya
  • 1
    Why would you set the value of `window` to `window.global`? What is the purpose of this? – Jun 07 '18 at 06:38
  • 3
    Some libraries depend on this `global`. It's a common polyfill that I believe was even included by default in Angular 5, but no longer in 6. – Ingo Bürk Jun 07 '18 at 06:53
  • Yes @IngoBürk, you are correct. I have done the same to add it in the polyfills.js file. – Anupam Maurya Jun 08 '18 at 09:01

1 Answer

9

Given that `global` is set to the same value as `window`, and `window` is still available if you remove `global`, `global` provides no additional means for XSS / security issues than is already available from `window` itself.

So if your question is whether `(window as any).global = window;` creates some new opportunity for a cross-site scripting attack: it doesn't.

Fenton
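The answer's point can be checked mechanically. The following is an added example, not part of the original answer: it applies the polyfill line to a constructed stand-in for `window` (so it runs in Node) and compares what is reachable before and after. The names `makeFakeWindow`, `reachableObjects` and `auditGlobalAlias` are hypothetical.

```javascript
// Constructed stand-in for a browser window (assumption: run in Node,
// where no real `window` exists). All values are sample data.
function makeFakeWindow() {
  const win = {
    document: { cookie: "session=constructed" },
    localStorage: { token: "constructed" },
    fetch: () => {},
  };
  win.window = win; // browsers expose window.window === window
  return win;
}

// Collect every object or function reachable from `root` via own data properties.
function reachableObjects(root) {
  const seen = new Set();
  const stack = [root];
  while (stack.length > 0) {
    const obj = stack.pop();
    const walkable = obj !== null &&
      (typeof obj === "object" || typeof obj === "function");
    if (!walkable || seen.has(obj)) continue;
    seen.add(obj);
    for (const key of Reflect.ownKeys(obj)) {
      const desc = Object.getOwnPropertyDescriptor(obj, key);
      if (desc && "value" in desc) stack.push(desc.value); // do not invoke getters
    }
  }
  return seen;
}

// Apply the polyfill line and report what it changed.
function auditGlobalAlias(win) {
  const keysBefore = new Set(Reflect.ownKeys(win));
  const objectsBefore = reachableObjects(win);
  win.global = win; // same effect as: (window as any).global = window;
  const newKeys = Reflect.ownKeys(win).filter((k) => !keysBefore.has(k));
  const newObjects = [...reachableObjects(win)].filter((o) => !objectsBefore.has(o));
  return {
    newKeys,                           // property names added to the window
    newObjectCount: newObjects.length, // objects that became reachable
    sameObject: win.global === win,    // alias points at the window itself
  };
}
```

The polyfill adds one property name and zero newly reachable objects: `global` is a second name for `window`, so script that can use `global` could already use `window`.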