Things I did as an intern two Summers ago
https://twitter.com/NCCsecurityUS/status/849971823618007040 …
If so, eval('callback = window.opener.' + 'a; function opener(){}; alert("xss")') might work?
-
-
(The definition of "opener" gets hoisted, so by the time "window.opener" is evaluated, it evaluates to the function, avoiding the error.)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.