I Did Not Know This About You, Javascript!


I've been investigating more or less the same things Sirdarckcat e-mailed me about today. In fact, I dived deep into the most obscure Javascript ever. I'm still in the research phase and I do not think it's a good idea to disclose everything. Some things rang a bell, but I could not remember where I read about them before, which was probably 7 or more years ago, and I probably forgot all about it. But did you know that the vectors below are allowed in browsers?

    <script src="myfile.anything"></script>
    <script src="myfile.nicejavascriptthisis"></script>
    <script src="myfile.ahnicefeaturefrombrowsers"></script>

And this:

    <script src="myfile.jsx"></script>

.JSX is actually Extended Javascript, used by Adobe products like Adobe Reader and Adobe Photoshop. These products execute .JSX and .JSA, which is Javascript Assembly used with .JSX.

And how about this feature in MSIE which collects garbage? It is an undocumented feature and a low-priority function; still, who knows, it could be used to actively flush the buffer in some cases:

    CollectGarbage();

And how about writing Excel files with Javascript? This is probably known, but who really cares to know that this is even possible with Internet Explorer? Yes, it requires ActiveX, but if it comes from a trusted source it could be potentially dangerous stuff. See the demo: http://www.0x000000.com/hacks/excel.phps

Next up are the vectors of Sirdarckcat, which are going to be filter hell for those who filter, which you shouldn't do in the first place. Some even work in all browsers. Anyway, here they are:

You can follow the discussion on: http://sla.ckers.org/forum/read.php?2,13209,13218
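Since the extension in a script src says nothing about whether the browser will run the file, the following added example (not code from the original post) audits a page's script sources by origin and compares that with an extension check. The sample markup, the page URL, the hostnames and the allowlist are constructed assumptions.

```javascript
// Added example, not from the original post. All hosts and markup are constructed.
const SAMPLE_HTML = `
<script src="https://static.example.test/app.js"></script>
<script src="https://static.example.test/myfile.anything"></script>
<script src="https://cdn.untrusted.test/myfile.jsx"></script>
<script src="/local/myfile.nicejavascriptthisis"></script>
<script src="https://cdn.untrusted.test/lib.js"></script>`;

const PAGE_URL = "https://www.example.test/index.html"; // hypothetical page being audited
const ALLOWED_ORIGINS = new Set([                        // hypothetical allowlist
  "https://www.example.test",
  "https://static.example.test",
]);

// Collect the src attribute of every <script> tag (quoted or unquoted value).
function scriptSources(html) {
  const re = /<script\b[^>]*\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const found = [];
  let m;
  while ((m = re.exec(html)) !== null) found.push(m[1] ?? m[2] ?? m[3]);
  return found;
}

// Weak check: treats "does not end in .js" as the signal.
// It flags trusted files with odd extensions and passes an untrusted lib.js.
function flaggedByExtension(html) {
  return scriptSources(html).filter(
    (src) => !/\.js$/i.test(new URL(src, PAGE_URL).pathname));
}

// Stronger check: resolve each src against the page URL and compare its
// origin with the allowlist, ignoring the file name entirely.
function flaggedByOrigin(html) {
  return scriptSources(html).filter(
    (src) => !ALLOWED_ORIGINS.has(new URL(src, PAGE_URL).origin));
}

console.log("extension check:", flaggedByExtension(SAMPLE_HTML));
console.log("origin check:   ", flaggedByOrigin(SAMPLE_HTML));
```

The same origin-based idea is what a Content-Security-Policy script-src directive enforces in the browser itself.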

