Window name trick
Published: Thu, 06 Sep 2007 09:47:12 GMT
Updated: Sat, 22 Mar 2025 15:38:04 GMT
I didn't know about this trick and I'm sure many others don't either. You can inject JavaScript into the window.name and then execute that code from the new window by using eval on the window name. How cool is that? Here's an example from Sirdarckcat:
<pre lang="javascript">
window.name="javascript:alert((window.opener||window).document.cookie);";
</pre>
The inventor of this technique, Giorgio Maone, is my new hero :) Giorgio also wrote the NoScript plugin, simply the best Firefox plugin on the net.
Big respect to Sirdarckcat for his cool XSS as well :)
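From the defending page's side, window.name is input set by whoever controlled the window earlier, so it should be parsed as data and never passed to eval or assigned to location. The following is an added example, not code from the original post or from the people it credits; the JSON state format, `ALLOWED_KEYS`, `MAX_LEN` and `readWindowNameState` are assumptions made for illustration.

```javascript
// Added example: read window.name as untrusted data instead of evaluating it.
// ALLOWED_KEYS, MAX_LEN and the JSON state format are illustrative assumptions.
const ALLOWED_KEYS = new Set(["tab", "returnTo"]);
const MAX_LEN = 512;

// Unsafe patterns the post describes (comment only, never executed here):
//   eval(window.name);   location = window.name;

function readWindowNameState(win) {
  const raw = typeof win.name === "string" ? win.name : "";
  // Clear the name right away so the value does not travel on with the window.
  win.name = "";
  if (raw.length === 0 || raw.length > MAX_LEN) return null;

  let parsed;
  try {
    parsed = JSON.parse(raw); // data only; JSON.parse never executes code
  } catch (e) {
    return null; // a "javascript:..." string is not valid JSON
  }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) return null;

  const state = {};
  for (const [key, value] of Object.entries(parsed)) {
    // Reject unknown keys and non-string values instead of silently dropping them.
    if (!ALLOWED_KEYS.has(key) || typeof value !== "string") return null;
    state[key] = value;
  }
  // returnTo must be a local path: one leading slash, no scheme, no "//host".
  if ("returnTo" in state && !/^\/(?![\/\\])[\w\-./]*$/.test(state.returnTo)) return null;
  return state;
}

// Constructed window-like objects standing in for a real browser window.
const hostile = { name: "javascript:alert((window.opener||window).document.cookie);" };
const benign = { name: JSON.stringify({ tab: "billing", returnTo: "/account/settings" }) };
console.log(readWindowNameState(hostile), readWindowNameState(benign));
```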