<![CDATA[I just published a write-up on prototype pollution and how it leads to XSS.]]>I just published a write-up on prototype pollution and how it leads to XSS.

The key idea: you’re not injecting into the sink—you’re controlling the property lookup that eventually reaches it.

Pollute → Gadget → Sink → Execution

Includes examples and common vulnerable patterns (merge functions, __proto__, etc.)

https://medium.com/@marduk.i.am/prototype-pollution-15f47d9e5c6a

]]>https://board.circlewithadot.net/topic/997ca32f-d468-44c1-9076-74ebad644e98/i-just-published-a-write-up-on-prototype-pollution-and-how-it-leads-to-xss.RSS for NodeFri, 15 May 2026 05:11:53 GMTTue, 28 Apr 2026 21:25:49 GMT60