undefined | Better HN

0 pointsAntonyGarand4y ago0 comments

I assume he means the size of the payload remains technically below 32 while the "real" code is larger due to evaluating location.hash. `eval(location.hash.substring(1))` is 32 characters, but the hash itself can be few kilobytes

I used this to merge two tixies a while back, and execute an XSS as proof of concept [0]

[0] https://twitter.com/AntoGarand/status/1327101941760086017

0 comments

_Microft4y ago

Interesting, I thought I had exhausted the list of string modification functions when checking how to work around the hash symbol. That's nicer than my solution by far.

j / k navigate · click thread line to collapse

0 pointsAntonyGarand4y ago0 comments

I used this to merge two tixies a while back, and execute an XSS as proof of concept [0]

[0] https://twitter.com/AntoGarand/status/1327101941760086017

0 comments

_Microft4y ago

Interesting, I thought I had exhausted the list of string modification functions when checking how to work around the hash symbol. That's nicer than my solution by far.

j / k navigate · click thread line to collapse