Quantcast
Channel: javascript – The Spanner
Browsing latest articles
Browse All 25 View Live

Decoding complex non-alphanumeric JavaScript

:0
:0
September 18, 2013, 2:14 am

@fkadev Challenged me to decode some complex non-alpha. See here http://t.co/z7lWyIu5ka. Luckily the techniques I’ve used previously such as monitoring the Function constructor calls would work in a...

View Article
Search

new operator

:0
:0
October 23, 2013, 1:17 pm

I was playing around with new operators when I noticed something cool and unexpected. If you return a function the new operator will not create a new object instance but instead return a function. This...

View Article
Image may be NSFW.
Clik here to view.

X-Domain scroll detection on IE using focus

:0
:0
December 11, 2013, 11:13 am

This is a pretty cool bug. I use the focus event on an iframe to detect if the iframe has been scrolled x-domain. It’s because IE fires the onfocus event of the iframe when the scroll occurs. This...

View Article

Sandboxed jQuery

:0
:0
February 12, 2014, 2:13 pm

My new personal challenge was to get jQuery working correctly in a sandboxed environment this proved to be really tricky. The first problem I encountered was my fake DOM environment wasn’t returning...

View Article

Bypassing the XSS filter using function reassignment

:0
:0
April 7, 2014, 10:54 am

The XSS filter introduced in IE8 is a really powerful defence against XSS. I tested the filter for a number of years and found various bypasses one of which I would like to share with you now. You can...

View Article

MentalJS bypasses

:0
:0
June 24, 2014, 2:41 pm

I managed to find time to fix a couple of MentalJS bypasses by LeverOne and Soroush Dalili (@irsdl). LeverOne’s vector was outstanding since it bypassed the parsing itself which is no easy task. The...

View Article
Image may be NSFW.
Clik here to view.

MentalJS DOM bypass

:0
:0
March 6, 2015, 1:16 pm

Ruben Ventura (@tr3w_) found a pretty cool bypass of MentalJS. He used insertBefore with a null second argument which allows you to insert a node into the dom and bypass my sandboxing restrictions. The...

View Article

How I smashed MentalJS

:0
:0
May 3, 2015, 9:08 am

.codeblock { white-space: pre; border: 1px dotted blue; background-color: lightblue; font-family: monospace; } code { border: 1px dotted blue; background-color: lightblue; } I’m proud to introduce a...

View Article
Search
Image may be NSFW.
Clik here to view.

New IE mutation vector

:0
:0
June 17, 2015, 1:27 pm

I was messing around with a filter that didn’t correctly filter attribute names and allowed a blank one which enabled me to bypass it. I thought maybe IE had similar issues when rewriting innerHTML....

View Article

Rewriting relative urls with the base tag in Safari

:0
:0
August 13, 2018, 2:24 pm

I tweeted this a while ago but Twitter sucks when it comes to finding anything and I thought it was good enough for a blog post. Way back in Safari 3.0 and Internet Explorer 5.5 and the old Opera you...

View Article
Browsing latest articles
Browse All 25 View Live
More Pages to Explore .....
Search

Latest Images

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

New $4.5 million East Bay trail path will connect bicyclists, pedestrians to...

April 18, 2024, 11:05 am
Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

Photographer Gifts for Clients / Print Packaging / 4x6 Photo Box by...

April 17, 2024, 6:48 pm
Deepfake Video of Aamir Khan circulates Online

Deepfake Video of Aamir Khan circulates Online

April 17, 2024, 3:07 am
Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

Very Hungry Caterpillar™ Shirt: World of Eric Carle™+ Little Goodall by...

April 14, 2024, 8:14 am
Have you seen Michael Wines? Burien man has been missing since Saturday,...

Have you seen Michael Wines? Burien man has been missing since Saturday,...

April 12, 2024, 3:59 pm
Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

Stay Salty POTS Awareness Stretchy Stacking Bracelets | Set of Three|...

April 11, 2024, 5:27 pm
19 Reader-Favourite March Purchases — From Steals To Splurges

19 Reader-Favourite March Purchases — From Steals To Splurges

April 11, 2024, 5:07 am
Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

Fake lip ring, silver lip ring, simple lip ring, unisex lip ring by AIRlab

April 9, 2024, 4:00 pm
People's Blog • First Pictures of the Eclipse ! ! !

People's Blog • First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm
People's Blog • First Pictures of the Eclipse ! ! !

People's Blog • First Pictures of the Eclipse ! ! !

April 8, 2024, 1:08 pm