The following are the recommended emoji zwj sequences, which use a U+200D ZERO WIDTH JOINER (ZWJ) to join the characters into a single glyph if available. When not available, the ZWJ characters are ignored and a fallback sequence of separate emoji is displayed.
Deseret characters are located within U+010000..U+10FFFF range and use surrogate pairs even in UTF-16, i. e. use two 'words' (erroneously called 'char's in Java).
`constructor` is the only lowercase identifier that is `in` all JavaScript objects, and can be involved in obscure XSS so can be used to abuse code that uses JavaScript objects as lookup tables.
```js
var empty = {};
if ('constuctor' in empty && empty['constructor']) {
// runs
}
empty['constructor']['constructor']('alert(1)')(); // Parses and runs
```
Made a couple of changes to the format strings:
- added more %s'. increases the chance of crashing. Sometimes the stack layout is just right and 1 or 2 %s will not cause a crash
- added %n. Should cause a crash, even if several other specifiers don't
- added %@, this is for objective-c format functions.
The massive adoption of Promises made many programs potentially vulnerable to "accidental Promises".
In short, a program might take user input and produce an object as such:
```js
{
[userInput]: AnyFunction
}
```
...when the object above is given to a Promise, nothing breaks until the user input is exactly `"then"`. Once it's *then*, a Promise will assume that the object as another Promise, and in trying to assimilate this accidental Promise the function will be called. After that, one of three things will happen
1. The function calls one of the continuations provided by the Promise, and the program continues with some unexpected data (this is highly unlikely)
1. The program hangs and never terminates (if the function stores input in memory)
1. The program terminates early, failing to execute any other chained Promises (the more likely case)
For more in-depth information, please refer to the appropriate sections in the articles I've written regarding this issue:
1. [Broken Promises - Specialized API](https://medium.com/@avaq/broken-promises-2ae92780f33#6828)
1. [A clarification with examples to the article above](https://medium.com/@avaq/im-referring-to-the-fact-that-a-promise-is-eagerly-evaluated-as-opposed-to-lazily-evaluated-5385cc519e3b#33cd) (see the part under "I never found myself creating an object with a then method")
These two characters change byte length when lowercased which is quite
unique behavior. This can potentially cause issues where assumptions
about input length == length after processing.
This string can cause some modems to disconnect. Years ago, I triggered
this behavior accidentally when, for an unrelated reason, my email
signature contained the string. Mail sent to a mailing list caused some
subscribers' modems to disconnect.
Explained here, in the final paragraph under "Hayes' Solution":
https://en.wikipedia.org/wiki/Hayes_command_set
Adding string containing three ด้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็็้้้้้้้้็็็็็้้้้้็็็็ characters that often causes rendering issues.
It’s common in JavaScript to use input as a key in an object and check
for the existence of keys using `obj.hasOwnProperty(key)` instead of
`Object.prototype.hasOwnProperty.call(obj, key)`.
Isaac Huang
Max Woolf
Dmytro Doroshenko
trya
Travis Manning
Mike
MohamadKh75
Mike Samuel
Dominik Herold
Jason Howell
Lifeng Dong
James Osborn
dospunk
iljavs
Dylan Katz
Aldwin Vlasblom
Luke
David King
Zack Weinberg
Eric Wastl
Anthony Steele
hjkuijf
Jeff Sharp
Bart Riepe
Romain Gehrig
Paweł Chorążyk
eedrah
Romuald Brunet
Charmander
Christine Dodrill
Mohamed Amine Aboura
Nick Smith
benpious