I wonder. Should one ever use minified javascript code on a server? Assuming that you are using it on your own server and not distributing the code to clients.<p>Is there any benefit to it?
Nice to read text on a clever find.<p>Could somebody please confirm or invalidate my understanding, that this backdoor is just exploitable in addition with other (severe) issues?<p>An attacker would have to have the ability to tailor/manipulate JS scripts which should be under control of the victim?<p>Or am i mistaken?
Applying DeMorgan's Law to reduce a few characters in JS seems really overkill...<p>Reading this makes it seem hardly worth saving a few bytes over.
This makes me think that there could be similar bugs in the browser, when it JIT-compiles or optimizes Javascript code. That could be used to take control of the whole browser/OS if used in an add-on/extension (given that it has sufficient privileges).