The JavaScript character wall

Gareth Heyes gareth.heyes at portswigger.net
Thu Dec 14 10:39:58 UTC 2017


Hi all

So many years ago on the sla.ckers forums Yosuke Hasegawa posted
non-alphanumeric JavaScript. We then worked together to find out the
smallest possible charset required to execute non-alphanumeric JavaScript.
We all broke the wall multiple times and Mario Heiderich found the
character limit was 6 characters. It could not be broken.....

Enter the pipeline operator and Masato Kinugawa. He found using the
specified pipeline operator he could break the wall :O. Check it out it is
awesome:

https://speakerdeck.com/masatokinugawa/shibuya-dot-xss-techtalk-number-10

I really hope the pipeline operator gets specified and implemented by the
various browsers because breaking the wall is a fantastic achievement and
it's useful too.

Cheers
Gareth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20171214/308f7f2f/attachment-0001.html>


More information about the es-discuss mailing list