Tuesday 17 March 2020, 04:09 #3
Web - Client|XSS-DOM-based
there is still a way to use string without quotes in the js world. if you don’t know it on top of your head, it’s probably something you haven’t come across yet. sometimes we just don’t know what we don’t know. keep learning new stuff. something to do with strings, but not strings.
Tuesday 24 March 2020, 06:50 #4
Web - Client|XSS-DOM-based
Hi, I was wondering how a function can be executed without parentheses. Perhaps I found where to inject code but my approach needs a custom function, but I can’t define one or execute one because ’">()+ are filtered. Am I on the right track?