webpack

Webpack’s magic comments are small developer conveniences that quietly changed how bundles are named and fetched — but a subtle parsing bug in Webpack 5’s ImportParserPlugin turned those conveniences into a serious attack surface, allowing a crafted untrusted object to reach across JavaScript...