I have a URL that returns JSON and takes a GET parameter "cb".
The GET parameter cb takes the name of a function as its value, so it's like JSONP.
This URL is sanitized, but the parameter can be exploited by passing the "alert" function as a parameter.
Example.
This URL will return JSON wrapped by alert. Is there a way to execute a custom-defined function?
What I have noticed is that it removes brackets and the eval method, which is the sanitization process.
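On the server side, the fix for an endpoint like the one described is to stop stripping characters from `cb` and accept only callback names the application itself registers. The following is an added example, not code from the original post: all function names and the allowed callback names are hypothetical, and `stripFilter` is only an assumed model of the filter the post describes.

```javascript
// Model of the filter described in the post: strip brackets and the word "eval".
// Assumption: the real endpoint's filter is not shown on the page.
function stripFilter(cb) {
  return String(cb).replace(/[()\[\]{}<>]/g, "").replace(/eval/gi, "");
}

// Allowlist of callback names this (hypothetical) application registers.
const ALLOWED_CALLBACKS = new Set(["handleProfile", "handleFeed"]);

// Second guard: a single plain identifier of bounded length.
const CALLBACK_SHAPE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;

function isAllowedCallback(cb) {
  return typeof cb === "string" && CALLBACK_SHAPE.test(cb) && ALLOWED_CALLBACKS.has(cb);
}

// Build the response for GET ...?cb=<name>. Returns a plain object so it can be
// wired into any framework's response API.
function jsonpResponse(cb, data) {
  // Escape characters that are valid in JSON but unsafe inside a script body.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029")
    .replace(/</g, "\\u003c");
  const headers = { "X-Content-Type-Options": "nosniff" };
  if (cb === undefined) {
    // No callback requested: plain JSON, never executable.
    headers["Content-Type"] = "application/json; charset=utf-8";
    return { status: 200, headers, body: json };
  }
  if (!isAllowedCallback(cb)) {
    // Reject instead of "cleaning" the value and echoing what is left.
    headers["Content-Type"] = "application/json; charset=utf-8";
    return { status: 400, headers, body: JSON.stringify({ error: "invalid callback" }) };
  }
  headers["Content-Type"] = "application/javascript; charset=utf-8";
  // The leading empty comment keeps caller-influenced text off the first bytes.
  return { status: 200, headers, body: `/**/${cb}(${json});` };
}
```

The character-stripping filter returns `alert` unchanged, which is the behaviour the post observes; the allowlist rejects it because it is not a callback the application registered.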