Skip to content

Valid Javascript variables

I’ve put together a simple script which will use the Javascript parser to find a list of valid variables. This information is useful to know when testing XSS filters or malicious javascript detection. Using these unusual variables I’ve manged to slip Javascript passed some very clever filters including the PHPIDS and Noscript.

Check it out here:-
Variable tester

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Slashdot
  • StumbleUpon

Comments 2

  1. Giorgio Maone wrote:

    I’m not sure you can build a meaningful XSS payload using exclusively high Unicode identifiers, but just to stay safe I’ve updated Injection Checker in NoScript 1.2.9.3 ;)

    Posted 13 Jan 2008 at 5:34 pm
  2. Gareth Heyes wrote:

    @Giorgio

    Hehe of course not but I thought the script was useful for testing against high unicode variable attacks :)

    Posted 13 Jan 2008 at 5:48 pm

Post a Comment

Your email is never published nor shared. Required fields are marked *

Comment spam protected by SpamBam