Published 16 years ago • Last updated March 24, 2025 • ⏱️ < 1 min read
Custom setters syntax are being removed from Firefox in the next version.. boo I here you say well at least some of you. If you don't know Firefox decided it would create it's own setter syntax (I love it when you do that you know) ages ago and it looked something like this:-
a setter=alert,a=1//calls alert(1)
Whacky indeed. They decided to remove it. So I was messing with JavaScript like I do near enough every day and I stumbled upon this:-
Object.prototype.__noSuchMethod__=function(s){ alert(s); }; 1..*(1)
What was surprising was that "alert" returned "*" not 1 as you would expect. The crazyness then continued:-
Object.prototype.__noSuchMethod__=function(s){ eval(s); };1.['alert(1)']()
Not looking at MDC and still not understanding why this was happening Mario pointed out "oh it's sending the name of the function via the noSuchMethod" then big doh moment oh yeah. But then that means.....we have a new setter syntax!!!!
//existing code function x(s) { eval(s); } //our evil injection Object.prototype.__noSuchMethod__=x;new/a/['alert(1)']
If you work at Mozilla please look away now because I like this crazy syntax so don't fix it.