<html>
<pre id="log"></pre>
<script>
function log(msg) {
document.getElementById("log").innerText += msg + "\n";
}
function stringify(o) {
return JSON.stringify(o, function(h,o){ if (typeof o === "function") return o.toString(); return o;})
}
var descriptors = [
{get:function getter(){}},
{set:function setter(){}},
{writable:true},
{enumerable:true},
{configurable:true},
{value:"hax0red"}
];
for (var j = 0; j < descriptors.length; j++)
try { Object.defineProperty(parent, "Object", descriptors[j]); } catch(e) { log(e) }
for (var j = 0; j < descriptors.length; j++)
try { Object.defineProperty(parent, "location", descriptors[j]); } catch(e) { log(e) }
for (var j = 0; j < descriptors.length; j++)
try { Object.defineProperty(parent, "newProperty", descriptors[j]); } catch(e) { log(e) }
for (var j = 0; j < descriptors.length; j++)
try { Object.defineProperty(parent.location, "hash", descriptors[j]); } catch(e) { log(e) }
for (var j = 0; j < descriptors.length; j++)
try { Object.defineProperty(parent.location, "search", descriptors[j]); } catch(e) { log(e) }
for (var j = 0; j < descriptors.length; j++)
try { Object.defineProperty(parent.location, "hostname", descriptors[j]); } catch(e) { log(e) }
for (var j = 0; j < descriptors.length; j++)
try { Object.defineProperty(parent.location, "pathname", descriptors[j]); } catch(e) { log(e) }
for (var j = 0; j < descriptors.length; j++)
try { Object.defineProperty(parent.location, "protocol", descriptors[j]); } catch(e) { log(e) }
for (var j = 0; j < descriptors.length; j++)
try { Object.defineProperty(parent.location, "newProperty", descriptors[j]); } catch(e) { log(e) }
for (var j = 0; j < descriptors.length; j++)
try { Object.defineProperty(parent.location, "reload", descriptors[j]); } catch(e) { log(e) }
for (var j = 0; j < descriptors.length; j++)
try { Object.defineProperty(parent.Object.prototype, "newProperty", descriptors[j]); } catch(e) { log(e) }
</script>
</html>
Codebase Browser
chromium