diff --git a/pentesting-web/xss-cross-site-scripting/README.md b/pentesting-web/xss-cross-site-scripting/README.md index dae74f71..ea994642 100644 --- a/pentesting-web/xss-cross-site-scripting/README.md +++ b/pentesting-web/xss-cross-site-scripting/README.md 
@@ -952,5 +952,94 @@ Find some [**tools for XSS here**](xss-tools.md)**.** * Trick to download .map js files: [https://medium.com/@bitthebyte/javascript-for-bug-bounty-hunters-part-2-f82164917e7](https://medium.com/@bitthebyte/javascript-for-bug-bounty-hunters-part-2-f82164917e7) -## \*\*\*\* +## Other JS tricks + +### Arrow functions + +Arrow functions allow you to generate functions in a sigle line more easily \(if you understand them\) + +```javascript +// Traditional +function (a){ return a + 1; } +// Arrow forms +a => a + 100; +a => {a + 100}; + +// Traditional +function (a, b){ return a + b + 1; } +// Arrow +(a, b) => a + b + 100; + +// Tradictional no args +let a = 4; +let b = 2; +function (){ return a + b + 1; } + +// Arrow +let a = 4; +let b = 2; +() => a + b + 1; +``` + +So, most of the previous functions are actually useless because we aren't saving them anywhere to save and call them. Example creating the `plusone` function: + +```javascript +// Traductional +function plusone (a){ return a + 1; } + +//Arrow +plusone = a => a + 100; +``` + +### Bind function + +The bind function allow to create a **copy** of a **function modifying** the **`this`** object and the **parameters** given. 
+ +```javascript +//This will use the this object and print "Hello World" +var fn = function ( param1, param2 ) { + console.info( this, param1, param2 ); +} +fn('Hello', 'World') + +//This will still use the this object and print "Hello World" +var copyFn = fn.bind(); +copyFn('Hello', 'World') + +//This will use the "console" object as "this" object inside the function and print "fixingparam1 Hello" +var bindFn_change = fn.bind(console, "fixingparam1"); +bindFn_change('Hello', 'World') + +//This will still use the this object and print "fixingparam1 Hello" +var bindFn_thisnull = fn.bind(null, "fixingparam1"); +bindFn_change('Hello', 'World') + +//This will still use the this object and print "fixingparam1 Hello" +var bindFn_this = fn.bind(this, "fixingparam1"); +bindFn_change('Hello', 'World') +``` + +{% hint style="info" %} +Note that using **`bind`** you can manipulate the **`this`** object that is going to be used when calling the function. +{% endhint %} + +### Function code leak + +If you can **access the object** of a function you can **get the code** of that function + +```javascript +function afunc(){ + return 1+1; +} +console.log(afunc.toString()); //This will print the code of the function +console.log(String(afunc)); //This will print the code of the function +console.log(this.afunc.toString()); //This will print the code of the function +console.log(global.afunc.toString()); //This will print the code of the function +``` + +In cases where the **function doesn't have any name**, you can still print the **function code** from within: + +```javascript +(function (){ return arguments.callee.toString(); })() +```
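Review bot: In the bind example, the last two calls invoke `bindFn_change` again instead of the functions just created, so `bindFn_thisnull` and `bindFn_this` are defined but never exercised and their comments describe output the snippet does not demonstrate; call `bindFn_thisnull('Hello', 'World')` and `bindFn_this('Hello', 'World')` respectively. In the arrow-function block, `a => {a + 100};` has a braced body with no `return`, so it evaluates to `undefined` and is not equivalent to the traditional form above it; write `a => { return a + 100; }` or drop the line. The arrow versions also add 100 where the traditional ones add 1 (including `plusone`), which undermines the side-by-side comparison. In the function code leak section, `global` exists only in Node.js and `arguments.callee` throws a TypeError in strict mode, so each deserves a one-line comment stating that limitation. Typos to fix: "sigle", "Tradictional", "Traductional", and "allow to create" should read "allows you to create".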