Backdooring JavaScript using minifier bugs

I wonder. Should one ever use minified javascript code on a server? Assuming that you are using it on your own server and not distributing the code to clients.<p>Is there any benefit to it?

Nice to read text on a clever find.<p>Could somebody please confirm or invalidate my understanding, that this backdoor is just exploitable in addition with other (severe) issues?<p>An attacker would have to have the ability to tailor&#x2F;manipulate JS scripts which should be under control of the victim?<p>Or am i mistaken?

Really slick. To translate the idea behind compiler backdoors to JS minifier backdoors is pretty clever.

Applying DeMorgan&#x27;s Law to reduce a few characters in JS seems really overkill...<p>Reading this makes it seem hardly worth saving a few bytes over.

This makes me think that there could be similar bugs in the browser, when it JIT-compiles or optimizes Javascript code. That could be used to take control of the whole browser&#x2F;OS if used in an add-on&#x2F;extension (given that it has sufficient privileges).