Unicode non-character being treat as space on Firefox/Chrome
Gareth Heyes
gareth.heyes at portswigger.net
Thu May 25 10:33:34 UTC 2017
Hi all
Not sure if this is a bug or not. Non-character is being treated as a space
even though it's not defined as one. Edge and Safari treat it as an invalid
character.
```javascript
�alert�(1)�
```
In case the characters get mangled:
```javascript
eval("alert"+String.fromCharCode(65534)+"(1)");
```
Cheers
Gareth
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20170525/ec453945/attachment.html>
More information about the es-discuss
mailing list