Bala
11/21/2014 5:35:00 PM
On Friday, November 21, 2014 8:23:37 AM UTC-8, gand...@mail.com wrote:
> I'm studying web app hacking, in particular XSS.
> The book I'm reading says:
>
> --->
> If direct calls to the eval command are not possible, you have other ways to
> execute commands in string form:
> <script>'alert(1)'.replace(/.+/,eval)</script>
> <script>function::['alert'](1)</script>
> <---
>
> I don't understand the use of eval above and I don't know what "function::" is.
May I know what book you are reading?
Thanks,
Bala
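
Added example, not part of the thread or of the book quoted above: it shows why the first quoted snippet works (`replace` hands the matched text to its callback, here `eval`) and why a filter that looks for a direct `eval(` call misses it, while disabling string-to-code compilation in the engine stops it. The function names and the arithmetic sample are assumptions made for the illustration; it runs under Node.js.

```javascript
// Added example: viaReplace, callsEvalDirectly, runUntrusted and SAMPLE are illustrative names.
const vm = require('node:vm');

// Constructed sample: harmless arithmetic stands in for the book's alert(1).
const SAMPLE = "'6*7'.replace(/.+/, eval)";

// String.prototype.replace(pattern, fn) calls fn(match, offset, wholeString).
// With fn = eval only the first argument is used, so the matched text is
// evaluated as code and its result becomes the replacement string.
function viaReplace(text) {
  return text.replace(/.+/, eval);
}

// A naive filter that only recognises a direct call such as "eval(".
function callsEvalDirectly(source) {
  return /\beval\s*\(/.test(source);
}

// Run a snippet in a fresh context. With allowStrings = false the engine
// refuses to compile code from strings, the same kind of control a Content
// Security Policy without 'unsafe-eval' applies in a browser.
function runUntrusted(source, allowStrings) {
  const ctx = vm.createContext({}, {
    codeGeneration: { strings: allowStrings, wasm: false },
  });
  try {
    return { blocked: false, value: vm.runInContext(source, ctx) };
  } catch (err) {
    return { blocked: true, error: err.name };
  }
}

console.log(viaReplace('6*7'));            // the match was evaluated, not copied
console.log(callsEvalDirectly(SAMPLE));    // the pattern filter sees nothing
console.log(runUntrusted(SAMPLE, true));   // runs when string compilation is allowed
console.log(runUntrusted(SAMPLE, false));  // refused by the engine itself
```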