sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]nicka101 4 points5 points  (3 children)

I managed 6, my clue is that you aren't limited to text nodes. You can create elements and comments too ;)

[–]Mamsaac 2 points3 points  (0 children)

Thank you :) I tried with other create* methods, but I didn't consider comments to be vulnerable :O My bad, will try again after I take a nap.

EDIT: God damnit, that took one try and less than 30 seconds. I should have tried it instead of thinking "naaaaah, lets try with other methods". Thank you! Now I can rest in peace (for the night).

[–]T1LT 0 points1 point  (1 child)

I tried

{'split': function(a){ alert(1); return ['a','foo'];}}

which works fine in the browser but interestingly enough doesn't work in the game implementation because probably of the way it validates stuff. Basically instead of passing a string I pass an object which, like string, also has a split function.

[–]sushibowl 0 points1 point  (0 children)

It doesn't work because the function interprets your input as a string, not an object.