{ "id": "bundle--78cdfdad-383e-4ecd-8664-81655793a91f", "objects": [ { "created": "2014-06-23T00:00:00.000Z", "created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", "description": "On the client side, the system's design could make it difficult to get access to the JSON object content via the script tag. Since the JSON object is never assigned locally to a variable, it cannot be readily modified by the attacker before being used by a script tag. For instance, if while(1) were added to the beginning of the JavaScript returned by the server, trying to access it with a script tag would result in an infinite loop. On the other hand, legitimate client-side code, which retrieves the response as text (e.g. via XMLHttpRequest) rather than through a script tag, can remove the while(1) statement, after which the JavaScript can be evaluated. A similar result can be achieved by surrounding the returned JavaScript with comment tags, or using other similar techniques (e.g. wrapping the JavaScript with HTML tags).", "id": "course-of-action--00b17d50-1313-4019-81d7-ac8cfda42439", "modified": "2022-09-29T00:00:00.000Z", "name": "coa-111-1", "object_marking_refs": [ "marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d" ], "spec_version": "2.1", "type": "course-of-action", "x_capec_version": "3.9" } ], "type": "bundle" }