Valid Javascript variables
Sunday, 13 January 2008
I’ve put together a simple script which will use the Javascript parser to find a list of valid variables. This information is useful to know when testing XSS filters or malicious javascript detection. Using these unusual variables I’ve manged to slip Javascript passed some very clever filters including the PHPIDS and Noscript.
Check it out here:-
Variable tester
No. 1 — January 13th, 2008 at 5:34 pm
I’m not sure you can build a meaningful XSS payload using exclusively high Unicode identifiers, but just to stay safe I’ve updated Injection Checker in NoScript 1.2.9.3 😉
No. 2 — January 13th, 2008 at 5:48 pm
@Giorgio
Hehe of course not but I thought the script was useful for testing against high unicode variable attacks 🙂