Web - Client

Hi,I have found the two injection points and I am able to inject code inside the object but I’m completely stuck now.
Everything is blocked, I cannot use quotes, brackets and location.href / location.assign etc...even if is encoded.
If there is a way to use functions with no brackets and quotes, could someone give me some docs where I can learn how to do it ?
In case pm me, if there is spolier.

Did you get it ?