script
tag, the SOP doesn’t apply, because scripts have to be able to be included cross-domain. An attacker can thus read everything that was included using the script
tag.Array
and access to this
, a non-global variable can be leaked as well.slice
from type Array
accesses the data we’re interested in. An attacker can, as described in the preceding clause, override slice
and steal the secrets.script
tag, using the data as variable and function names.Array
constructor was able to read the complete address book of a google account.Array
.