DEV Community


Discussion on: JavaScript: Watch out for unwanted hoisting!

Antony Garand Author

Hey there, thanks for the feedback!

This is not a "best practice" use case, but one feature of ECMAScript that should be known by developers.

The challenge itself is an introduction to a given scenario where you can control only part of the website, such as in a Reflected XSS, yet need to change the behavior of a constant.
In another language, I would expect the secret variable to be safe and tamper-proof, yet it is not thanks to Function Hoisting.

Of course, I wouldn't recommend anyone to use this knowledge in clean code, but I definitely can see this being part of a CTF challenge or causing inattention bugs.