Join Engel in exploring the future of battery molding technology. Discover advancements in thermoplastic composites for battery housings, innovative automation solutions and the latest in large-tonnage equipment designed for e-mobility — all with a focus on cost-efficient solutions. Agenda: Learn about cutting-edge thermoplastic composites for durable, sustainable and cost-efficient battery housings Explore advanced automation concepts for efficient and scalable production See the latest large-tonnage equipment and technology innovations for e-mobility solutions

The console had some interesting results, I was getting a JavaScript parse error from the browser and not from Angular. I looked at the rewritten code see below:

The Angular sanitizer is a client side filter written in JavaScript that extends Angular to safely allow HTML bindings using attributes called ng-bind-html that contain a reference you want to filter. It then takes the input and renders it in an invisible DOM tree and applies white list filtering to the elements and attributes.

I then wondered if the same technique I used previously on the sanitizer would work here with a different native function. I thought that using charAt would successfully parse the code but return completely different output and bypass the sandbox. I tried injecting it and inspecting the rewritten output.

The second page is almost identical, but the Angular import means it can be exploited by injecting an Angular expression, and with a sandbox escape we can get XSS.

The code in bold is where the injection would happen, so the developer was clearly expecting the charCodeAt function to return an int. You could defensively code and force the value to an int but if an attacker can overwrite native functions, you are probably already owned. That bypassed the sanitizer, and using a similar technique we can break out of the sandbox.

While prices moved up for three of the five commodity resins, there was potential for a flat trajectory for the rest of the third quarter.

AngularJS is an MVC client side framework written by Google. With Angular, the HTML pages you see via view-source or Burp containing 'ng-app' are actually templates, and will be rendered by Angular. This means that if user input is directly embedded into a page, the application may be vulnerable to client-side template injection. This is true even if the user input is HTML-encoded and inside an attribute.

In this collection, which is part one of a series representing some of John’s finest work, we present you with five articles that we think you will refer to time and again as you look to solve problems, cut cycle times and improve the quality of the parts you mold.

Sustainability continues to dominate new additives technology, but upping performance is also evident. Most of the new additives have been targeted to commodity resins and particularly polyolefins.

Join KraussMaffei for an insightful webinar designed for industry professionals, engineers and anyone interested in the manufacturing processes of PVC pipes. This session will provide a comprehensive understanding of the technology behind the production of high-quality PVC pipes: from raw material preparation to final product testing. Agenda: Introduction to PVC extrusion: overview of the basic principles of PVC pipe extrusion — including the process of melting and shaping PVC resin into pipe forms Equipment and machinery: detailed explanation of the key equipment involved — such as extruders, dies and cooling systems — and their roles in the extrusion process Process parameters: insight into the critical process parameters like temperature, pressure and cooling rates that influence the quality and consistency of the final PVC pipes Energy efficiency: examination of ways to save material and energy use when extruding PVC pipe products

Naive use of the extremely popular JavaScript framework AngularJS is exposing numerous websites to Angular Template Injection. This relatively low profile sibling of server-side template injection can be combined with an Angular sandbox escape to launch cross-site scripting (XSS) attacks on otherwise secure sites. Until now, there has been no publicly known sandbox escape affecting Angular 1.3.1+ and 1.4.0+. This post will summarize the core concepts of Angular Template Injection, then show the development of a fresh sandbox escape affecting all modern Angular versions.

Let's reuse the fiddle from earlier and place a breakpoint at line 13275 inside angular.js in the sources tab in Chrome. In the watches window, add a new watch expression of "fnString". This will display our transformed output. 1+1 gets transformed to:

While the major correction in PP prices was finally underway, generally stable pricing was anticipated for the other four commodity resins.

Resin drying is a crucial, but often-misunderstood area. This collection includes details on why and what you need to dry, how to specify a dryer, and best practices.

How can you backdoor the fromCharCode function without being able to create a function? Easy: re-use an existing function! The problem is how to control the value every time fromCharCode is called. If we use the Array join function we can make the String constructor a fake array. All we need is a length property and a property of 0 for the first index of our fake array, fortunately it already has a length property because its argument length is 1. We just need to give it a 0 property. Here's how to do it:

In this three-part collection, veteran molder and moldmaker Jim Fattori brings to bear his 40+ years of on-the-job experience and provides molders his “from the trenches” perspective on on the why, where and how of venting injection molds. Take the trial-and-error out of the molding venting process.

Core Technology Molding turned to Mold-Masters E-Multi auxiliary injection unit to help it win a job and dramatically change its process.

In other words, if a page is an Angular template, we're going to have a much easier time XSSing it. There's only one catch - the sandbox. Fortunately, there is a solution.

Plastics Technology’s Tech Days is back! Every Tuesday in October, a series of five online presentations will be given by industry supplier around the following topics:  Injection Molding — New Technologies, Efficiencies Film Extrusion — New Technologies, Efficiencies Upstream/Downstream Operations Injection Molding — Sustainability Extrusion — Compounding Coming out of NPE2024, PT identified a variety of topics, technologies and trends that are driving and shaping the evolution of plastic products manufacturing — from recycling/recyclability and energy optimization to AI-based process control and automation implementation. PT Tech Days is designed to provide a robust, curated, accessible platform through which plastics professionals can explore these trends, have direct access to subject-matter experts and develop strategies for applying solutions in their operations.

To view in depth what goes on when Angular parses the code place a break point on line 14079 of angular.js, press resume once to skip the initial parse and step through the code by constantly clicking step into function in the debugger. Here you will be able to see Angular parse the code incorrectly. It will think x=alert(1) is an identifier on line 12699. The code assumes it's checking a character but in actual fact it's checking a longer string so it passes the test. See below:

The syntax error is in bold above, if the rewritten code was generating a JavaScript syntax error that would mean I can inject my own code in the rewritten output! Next I injected the following code:

This month’s resin pricing report includes PT’s quarterly check-in on select engineering resins, including nylon 6 and 66.

Mixed in among thought leaders from leading suppliers to injection molders and mold makers at the 2023 Molding and MoldMaking conferences will be molders and toolmakers themselves.

Across the show, sustainability ruled in new materials technology, from polyolefins and engineering resins to biobased materials.

Angular templates can contain expressions - JavaScript-like code snippets inside double curly braces. To see how they work have a look at the following jsfiddle:

August 29-30 in Minneapolis all things injection molding and moldmaking will be happening at the Hyatt Regency — check out who’s speaking on what topics today.

Then I thought about using [].concat; using this function would return the string as is and the argument, concatenated together. The following fiddle calls 'abc'.charCodeAt(0) so you would expect the output to be '97' (ascii a), but due to the backdoor it instead returns the base string plus the argument.

This Knowledge Center provides an overview of the considerations needed to understand the purchase, operation, and maintenance of a process cooling system.

I think this issue has only escaped wider attention so far due to the lack of known sandbox escapes for the latest Angular branches. So right now may be a good time to consider a patch management strategy for your JavaScript imports.

Introduced by Zeiger and Spark Industries at the PTXPO, the nozzle is designed for maximum heat transfer and uniformity with a continuous taper for self cleaning.

I looked at the Angular source code looking for String.fromCharCode calls, and found one instance that was pretty interesting. When parsing string literals they use it to output the value. I figured I could backdoor fromCharCode and break out of the parsed string. Here is a fiddle:

While the melting process does not provide perfect mixing, this study shows that mixing is indeed initiated during melting.

Mike Sepe has authored more than 25 ANTEC papers and more than 250 articles illustrating the importance of this interdisciplanary approach. In this collection, we present some of his best work during the years he has been contributing for Plastics Technology Magazine.

Thousands of people visit our Supplier Guide every day to source equipment and materials. Get in front of them with a free company profile.

Angular expressions are sandboxed 'to maintain a proper separation of application responsibilities'. In order to exploit users, we need to break out of the sandbox and execute arbitrary JavaScript.

Processors with sustainability goals or mandates have a number of ways to reach their goals. Biopolymers are among them.

Learn about sustainable scrap reprocessing—this resource offers a deep dive into everything from granulator types and options, to service tips, videos and technical articles.

Angular also has a couple of other functions that do security checks such as ensureSafeMemberName and ensureSafeFunction. ensureSafeMemberName checks a JavaScript property and makes sure it doesn't match __proto__ etc and ensureSafeFunction checks function calls do not call the Function constructor or call, apply and bind.

Multiple speakers at Molding 2023 will address the ways simulation can impact material substitution decisions, process profitability and simplification of mold design.

A new partner for Neste in Japan, ENEOS will use bio-intermediates based on Neste RE to produce bio-PX (Bio-Paraxylene) at its Mizushima Refinery in Okayama, Japan. The bio-PX will then be converted to PTA (Purified Terephthalic Acid) and subsequently to PET resin for Suntory to use to manufacture their PET bottles. Mitsubishi Corporation will be coordinating the collaboration between the value chain partners.   “Through partnering along the value chain, Neste can contribute to reducing the polymers and chemicals industry’s dependence on fossil resources as well as to manufacturing of products that have a lower carbon footprint,” says Lilyana Budyanto, head of sustainable partnerships APAC at Neste Renewable Polymers and Chemicals business unit.  A mass balancing approach will be applied to allocate the bio-based materials to the PET bottles.

Mold maintenance is critical, and with this collection of content we’ve bundled some of the very best advice we’ve published on repairing, maintaining, evaluating and even hanging molds on injection molding machines.

Plastics Technology covers technical and business Information for Plastics Processors in Injection Molding, Extrusion, Blow Molding, Plastic Additives, Compounding, Plastic Materials, and Resin Pricing. About Us

Take a deep dive into all of the various aspects of part quoting to ensure you’ve got all the bases—as in costs—covered before preparing your customer’s quote for services.

I continued reviewing the code for the Angular sanitizer but I could not find any calls to String.fromCharcode that would result in a bypass. I had a look for other native functions and found an interesting one: charCodeAt. If I could overwrite this value then it would get injected into an attribute without any filtering. However there is a problem: this time the "this" value will be the string literal and not the string constructor. This means I could not use the same technique to overwrite the function because I would be unable to manipulate the index or the length as this isn't writable for a string literal.

Exhibitors and presenters at the plastics show emphasized 3D printing as a complement and aid to more traditional production processes.

The Plastics Industry Association (PLASTICS) has released final figures for NPE2024: The Plastics Show (May 6-10; Orlando) that officially make it the largest ever NPE in several key metrics.

Successfully starting or restarting an injection molding machine is less about ticking boxes on a rote checklist and more about individually assessing each processing scenario and its unique variables.

Say “manufacturing automation” and thoughts immediately go to the shop floor and specialized production equipment, robotics and material handling systems. But there is another realm of possible automation — the front office.

Neste RE consists of pure hydrocarbons made from bio-based raw materials and can be used as a drop-in solution to replace fossil feedstock in the making of polymers and chemicals. Photo Credit: Neste

This sandbox escape was privately reported to Google on the 25th of September 2015, and patched in version 1.5.0 on January 15th 2016. Given the extended history of AngularJS sandbox bypasses, and Angular's insistence that the sandbox "is not intended to stop attackers", we do not regard updating Angular as a robust solution to expression injection. As such, we've released new Burp Scanner check to detect client-side template injection, and have included below an up to date list of Angular sandbox escapes.

In this collection of content, we provide expert advice on welding from some of the leading authorities in the field, with tips on such matters as controls, as well as insights on how to solve common problems in welding.

Discover how artifical intelligence is revolutionizing plastics processing. Hear from industry experts on the future impact of AI on your operations and envision a fully interconnected plant.

Trexel and Husky are cooperating on molding recyclable opaque white preforms for PET bottles, which provide a light barrier using foam instead of pigment.

Join Wittmann for an engaging webinar on the transformative impact of manufacturing execution systems (MES) in the plastic injection molding industry. Discover how MES enhances production efficiency, quality control and real-time monitoring while also reducing downtime. It will explore the integration of MES with existing systems, emphasizing compliance and traceability for automotive and medical sectors. Learn about the latest advancements in IoT and AI technologies and how they drive innovation and continuous improvement in MES. Agenda: Overview of MES benefits What is MES? Definition, role and brief history Historical perspective and evolution Longevity and analytics Connectivity: importance, standards and integration Advantages of MES: efficiency, real-time data, traceability and cost savings Emerging technologies: IoT and AI in MES

Across all process types, sustainability was a big theme at NPE2024. But there was plenty to see in automation and artificial intelligence as well.

In a time where sustainability is no longer just a buzzword, the food and beverage packaging industry is required to be at the forefront of this innovation. By adopting circular packaging processes and solutions, producers can meet regulatory requirements while also satisfying consumer demand and enhancing brand reputation. Join Husky to learn more about the broader implications of the circular economy — as well as how leading brands are leveraging this opportunity to reduce costs, increase design flexibility and boost product differentiation. Agenda: The cost and operational benefits of embracing circularity Key materials in circular packaging — including rPET and emerging bioplastics How to design a circular food and beverage package Strategies for selecting sustainable closures to future-proof packaging solutions Optimization and streamlining of production processes for enhanced efficiency How Husky Technologies can enable your sustainable success

While prices moved up for three of the five commodity resins, there was potential for a flat trajectory for the rest of the third quarter.

As you can see, Angular goes through each object in turn and checks it using the ensureSafeObject function. The ensureSafeObject function checks if the object is the Function constructor, the window object, a DOM element or the Object constructor. If any of the checks are true it will raise an exception and stop executing the expression. It also prevents access to global variables by making all references for globals look at a object property instead.

When String.fromCharCode is called you will get the string