Published 18 years 9 months ago • Last updated March 22, 2025
I've been reading sla.ckers quite a lot recently and I found an interesting topic on there where rsnake describes some strange Firefox JavaScript execution vectors which I wasn't aware of. I thought I'd share them with everyone because I'm sure you'll find them of interest.
First off there's the double slash, //, which lets you specify a host without writing http: at all; the browser fills in the scheme of the current page, so the link works from both http and https pages. Example: <a href="//www.thespanner.co.uk/">Test</a>
You can also use a / in place of a space, because Firefox treats a stray / inside a tag as a separator between attributes, e.g. <body/s/onload=x={doc:parent.document};x.doc.writeln(1) which executes in Firefox despite the incomplete tag and the complete lack of spaces. Any filter that looks for whitespace before an on* attribute misses this.
This one is just silly: <body/''''$/onload=x={doc:parent['document']};x.doc.writeln(1) where ''''$ is simply swallowed as a junk attribute name and the / after it separates it from onload.
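To see exactly why the / trick works, and why a whitespace-based filter misses it, here is a small start-tag tokenizer I've added to this post (it is not rsnake's code and not Firefox's parser). It follows the HTML5 tokenizer rules that later standardised this behaviour: a / inside a tag that is not immediately followed by > is a parse error, and the tokenizer recovers by simply going back to looking for the next attribute name. The naiveHandlerFilter and hasEventHandler functions and the sample tags are mine, constructed for the demonstration; the sample tags are given a closing > so the tokenizer returns them.

```javascript
// Added example: a minimal HTML start-tag tokenizer covering the states that
// matter for "/" handling. Not Firefox's code; written to show why
// "<body/s/onload=...>" still yields an onload attribute.

const isWs = (c) => c === ' ' || c === '\t' || c === '\n' || c === '\f' || c === '\r';

// Tokenize one start tag, e.g. "<body/s/onload=x>", into
// { name, attrs: [[name, value], ...], selfClosing }.
// Returns null if the input is not a start tag or ends before ">".
function tokenizeStartTag(input) {
  if (input[0] !== '<' || !/[A-Za-z]/.test(input[1] || '')) return null;
  const tag = { name: '', attrs: [], selfClosing: false };
  let i = 1, state = 'tagName', attr = null;
  const newAttr = (name = '') => { attr = [name, '']; tag.attrs.push(attr); };

  while (i < input.length) {
    const c = input[i];
    switch (state) {
      case 'tagName':
        if (isWs(c)) { state = 'beforeAttrName'; i++; }
        else if (c === '/') { state = 'selfClosing'; i++; }
        else if (c === '>') { return tag; }
        else { tag.name += c.toLowerCase(); i++; }
        break;
      case 'selfClosing':
        // Only "/>" is a real self-closing tag. Anything else is a parse
        // error and the tokenizer resumes looking for attribute names,
        // which is the rule that makes "/" behave like a space.
        if (c === '>') { tag.selfClosing = true; return tag; }
        state = 'beforeAttrName'; // reconsume c
        break;
      case 'beforeAttrName':
        if (isWs(c)) { i++; }
        else if (c === '/' || c === '>') { state = 'afterAttrName'; }
        else if (c === '=') { newAttr('='); state = 'attrName'; i++; } // parse error, kept
        else { newAttr(); state = 'attrName'; } // reconsume c
        break;
      case 'attrName':
        // Quotes, "$" and other junk are parse errors but are still appended,
        // which is how ''''$ becomes a harmless attribute name.
        if (isWs(c) || c === '/' || c === '>') { state = 'afterAttrName'; }
        else if (c === '=') { state = 'beforeAttrValue'; i++; }
        else { attr[0] += c.toLowerCase(); i++; }
        break;
      case 'afterAttrName':
        if (isWs(c)) { i++; }
        else if (c === '/') { state = 'selfClosing'; i++; }
        else if (c === '=') { state = 'beforeAttrValue'; i++; }
        else if (c === '>') { return tag; }
        else { newAttr(); state = 'attrName'; }
        break;
      case 'beforeAttrValue':
        if (isWs(c)) { i++; }
        else if (c === '"') { state = 'dq'; i++; }
        else if (c === "'") { state = 'sq'; i++; }
        else if (c === '>') { return tag; } // missing value, parse error
        else { state = 'unquoted'; }
        break;
      case 'dq':
      case 'sq':
        if (c === (state === 'dq' ? '"' : "'")) { state = 'afterQuoted'; i++; }
        else { attr[1] += c; i++; }
        break;
      case 'afterQuoted':
        if (isWs(c)) { state = 'beforeAttrName'; i++; }
        else if (c === '/') { state = 'selfClosing'; i++; }
        else if (c === '>') { return tag; }
        else { state = 'beforeAttrName'; } // missing whitespace, parse error
        break;
      case 'unquoted':
        // "/" is NOT a delimiter inside an unquoted value; only whitespace
        // or ">" ends it, so "src=/x/onload=1" is one value, not a handler.
        if (isWs(c)) { state = 'beforeAttrName'; i++; }
        else if (c === '>') { return tag; }
        else { attr[1] += c; i++; }
        break;
    }
  }
  return null; // input ended inside the tag
}

// A naive filter of the kind that insists on whitespace before on*= (mine).
function naiveHandlerFilter(html) {
  return /<\w+\s+[^>]*\bon\w+\s*=/i.test(html);
}

// Filter that trusts the tokenizer's attribute list instead of whitespace (mine).
function hasEventHandler(html) {
  const tag = tokenizeStartTag(html);
  return tag !== null && tag.attrs.some(([name]) => name.startsWith('on'));
}

// Constructed samples: the two vectors from the post plus a false-positive case.
const samples = [
  "<body/s/onload=x={doc:parent.document};x.doc.writeln(1)>",
  "<body/''''$/onload=x={doc:parent['document']};x.doc.writeln(1)>",
  "<img src=/x/onload=1>",
];
for (const s of samples) {
  console.log(s, '| naive:', naiveHandlerFilter(s), '| tokenizer:', hasEventHandler(s));
}
```

Running it, the naive regex rejects neither of rsnake's payloads but does flag the harmless img tag, while the tokenizer-based check gets all three right. The lesson for anyone writing an HTML filter is the one the post is making: decide what is an attribute the way the browser does, not by looking for spaces.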
I think Firefox should only execute JavaScript from valid HTML markup. There are many more similar problems, such as the invalid comment string which I'm sure everyone is aware of. Scary stuff.