Things I did as an intern two Summers ago
https://twitter.com/NCCsecurityUS/status/849971823618007040 …
-
-
If so, eval('callback = window.opener.' + 'a; function opener(){}; alert("xss")') might work?
-
(The definition of "opener" gets hoisted, so by the time "window.opener" is evaluated, it evaluates to the function, avoiding the error.)
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.