One of the impossible problems of the web is how you protect a site that has a persistent XSS hole yet requires JavaScript to function. I thought about this for a while and worked out you could create an XSS zone where you expect user input. Declaring a zone is tricky because if you [...]
Archives for the ‘javascript’ Category
One vector to rule them all
Wednesday, 15 September 2010
I set myself a fun challenge to create a vector that would execute in many contexts. The idea being that it should work regardless of where it’s placed. For example:- "xss" 'xss' <tag alt="xss"> As an added challenge I tried to execute only the one payload and where possible to use a single eval. I had [...]
Function is the new window
Friday, 10 September 2010
I discovered while reading some Firefox code that E4X allows you to call standard functions by using the special namespace. This is cool! We can now define setters etc on the XML prototype and call functions on E4X objects. It looks like this:- <></>.function::toString(); Would Firefox be crazy enough to include this special namespace on [...]
setTimeout and setInterval
Friday, 10 September 2010
Not posted for a while and you may have missed this on twitter. setTimeout("MsgBox 1",0,'VBS'); Cool so setTimeout supports vbscript as an argument. Yeah I can read MSDN but JScript.Encode!!! Yet another place. I wonder what else remains undiscovered... setTimeout("#@~^CAAAAA==C^+.D`8#mgIAAA==^#~@",0,'JScript.Encode'); setInterval("#@~^CAAAAA==C^+.D`8#mgIAAA==^#~@",0,'JScript.Encode');
Setters using VBS and constant hacks
Friday, 30 July 2010
I wasn’t gonna blog this because I couldn’t be bothered but Mario asked me if I had it documented anywhere and I guess it’s nice to have it somewhere. So I was looking to create setters in legacy browsers like IE7 and it would be nice to use them on custom objects in IE8. I [...]
Sandboxed DOM API
Friday, 30 July 2010
Description: I finally sat down and started work on a sandboxed DOM API. Originally I was just going to develop a new framework because the DOM is messy but instead I decided it would be cool to have a safe simulated DOM instead and build a framework on top of that. It isn’t complete yet [...]
Astalanumerator 0.7
Wednesday, 16 June 2010
Just a quick post to let you know I’ve updated Astalanumerator in case you use it somewhere. I use codeplex to host it as I thought I’d give it a whirl as I’ve seen other people host their projects and it looks decent. This version contains various CSS fixes and tracks each object within links [...]
Can all mozilla people look away now please
Wednesday, 9 June 2010
Custom setter syntax is being removed from Firefox in the next version.. boo I hear you say, well at least some of you. If you don’t know, Firefox decided it would create its own setter syntax (I love it when you do that you know) ages ago and it looked something like this:- a setter=alert,a=1//calls [...]
Hackvertor Ajax applications
Tuesday, 18 May 2010
I hate to use the word Ajax because there’s no XML involved just nice JSON but Hackvertor now has Ajax applications! At the moment it’s very rough around the edges but it will improve when I get more spare time to work on them. What does it mean? Well you can now share actual HTML/JS [...]
Regular expression sandboxing
Wednesday, 5 May 2010
Birth of the regex sandbox: I decided today to do a proper blog post to explain my reasons for creating regex sandboxes. I don’t often write a lot of words on this blog partly because I’m not very good at making long meaningful sentences and partly because I think the point can often be made [...]