Valid Javascript variables

I’ve put together a simple script which will use the Javascript parser to find a list of valid variables. This information is useful to know when testing XSS filters or malicious javascript detection. Using these unusual variables I’ve manged to slip Javascript passed some very clever filters including the PHPIDS and Noscript.

Check it out here:-
Variable tester

2 Responses to “Valid Javascript variables”

  1. Giorgio Maone writes:

    I’m not sure you can build a meaningful XSS payload using exclusively high Unicode identifiers, but just to stay safe I’ve updated Injection Checker in NoScript 😉

  2. Gareth Heyes writes:


    Hehe of course not but I thought the script was useful for testing against high unicode variable attacks 🙂