gareth.heyes at portswigger.net
Tue Dec 19 07:53:55 UTC 2017
On 18 December 2017 at 22:13, Mike Samuel <mikesamuel at gmail.com> wrote:
> Gareth, is there a working 6 character contender?
> That ycombinator thread notes that utf-8.jp/public/jsfuck.html was broken
> when the spec changed the semantics of .sort.call() so that it no longer
> returns the global object.
Hi Mike, Masato has broken the 6 character limit by replacing ()! with |>
because > can be used to get true or false and also call functions. You can
use .filter and the function constructor to execute non-alphanumeric
code. The sort method was just a shortcut we used before it was fixed in