<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
  <script>

    // Setup: create two DOM nodes and read legacy, non-standard accessor
    // functions through them.
    // NOTE(review): this page reads like a crash regression test (its entry
    // point is named vuln); the bug it covers is not identified on the page.
    var txt = document.createTextNode("");
    var b = document.createElement("b");
    // Value found under the "watch" property of the element. In an engine that
    // does not provide that legacy method, w is undefined and the
    // __defineGetter__ line below throws a TypeError at load time.
    var w = b["watch"];
    // The __lookupGetter__ function itself, read through the text node; it is
    // not called here.
    var txtdg = txt["__lookupGetter__"];
    // Install __lookupGetter__ as the getter for "toString" on w, so every later
    // read of w.toString runs __lookupGetter__ with w as receiver and no
    // arguments.
    w["__defineGetter__"]("toString",txtdg);
    var obj = {
      variable: 910,
      fun: function() {
        // Reads w.toString (which triggers the getter installed above) and then
        // calls whatever value that getter returned.
        w["toString"]();
      }
    };

    // Drives the scenario: stringifies obj.variable into window.status, invokes
    // obj.fun(), and returns obj.
    // Because every exception is swallowed, a script-level failure is invisible
    // here; presumably the only observable failure is the browser crashing or
    // asserting -- confirm against the harness that loads this page.
    function vuln()
    {
      // "" + number forces a number-to-string conversion before the assignment.
      window.status = "" + obj.variable;
      // Empty catch: an exception thrown by the getter/call chain in obj.fun()
      // is discarded on purpose so the script keeps running.
      try{
        obj.fun();
      }catch(er){}
      return obj;
    }

    // Runs the scenario once while the script is being evaluated; ret is not
    // read again anywhere in this page.
    var ret = vuln();
  </script>
</html>