JSON HijackingA while back I wrote about a subtle JSON vulnerability which could result in the disclosure of sensitive information. That particular exploit involved overriding the JavaScript Array constructor to disclose the payload of a JSON array, something which most browsers do not support now. However, there’s another related exploit that seems to affect many more browsers. It was brought to my attention r
