Published 15 years 8 months ago • Last updated April 3, 2025 • ⏱️ 2 min read
I discovered while reading some Firefox code that E4X allows you to call standard functions by using the special namespace. This is cool! We can now define setters etc on the XML prototype and call functions on E4X objects. It looks like this:-
<></>function::toString();
Would Firefox be crazy enough to include this special namespace on all objects? Well they made the decision to include E4X methods on every object so I guess there's no reason that it wouldn't be included on window, it is the global object after all that means.....
function::['alert'](1)//mario discovered this :)
Yes that is why "function" is the new window. But it doesn't finish here oh no it gets even better Yosuke Hasegawa found some "magic strings". That means accessing the namespace once will be persisted throughout the browser session. Just reading a property is enough to trigger a magic string. The following syntax is perfectly valid in Firefox you crazy cats.
<></>.function::['x'];//required once in a browser session $="@mozilla.org/js/function";_="alert";$::[_](1)
I'd like to thank my fellow crazy JavaScript slackers:- Yosuke Hasegawa, Jonas Magazinius and Mario Heiderich for making Firefox appear nuts.