XSS technique without parentheses
Tuesday, 1 May 2012
This works on every browser
apart from Firefox *, Safari and IE will just call the function with the argument but Chrome and Opera add uncaught to the argument. This is no big deal though since we can just modify it slightly and use a different object as an argument such as a string.
Thought I’d post this before this technique gets lost forever and I forget about it pretty awesome XSS eh?
* Does actually work in Firefox. My site was disabling the error handling.