What is this usage of alert in JavaScript?


Here is some XSS code:

<img src=x onerror="javascript:window.onerror=alert;throw 1">

I can't understand the usage of alert here. Why don't we need parentheses after the alert? And I can't understand the behavior of the browser. The browser will pop up a box and display Uncaught 1. It looks like the browser first pops up an alert box and then fills the exception string into the box. However, I am not quite sure how this happens. BTW, I tested this in Chrome.


There are 1 best solutions below

On BEST ANSWER

The window.onerror itself is a function. You can call it a function name or, better, a function reference. And alert is also the name of a function, which can be called as a function reference.

So, they are mapping the onerror with alert, i.e., when the onerror event takes place, there will be an alert.

The window.onerror is an event handler, and alert is something that alerts whatever is sent into the parameter. Now the onerror event handler sends the event information to the alert and yes, you get what the error is when an error occurs.

More information about parameters and working of window.onerror. Their syntax is:

window.onerror = funcRef;

Where funcRef refers to alert().
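
The mechanism discussed above, as an added example that is not part of the original question or answer: a small model of the browser's error reporting that runs in Node without a DOM. The names fakeAlert, reportUncaught and runInlineHandler and the 'about:blank' source value are assumptions made for this sketch; the "Uncaught 1" text is the message the question reports seeing in Chrome.

```javascript
// Constructed model of how a browser reports an uncaught exception.
// fakeAlert, reportUncaught and runInlineHandler are hypothetical names.
const shown = [];                       // text of every dialog "displayed"

// Like alert, takes one message argument and ignores the rest.
function fakeAlert(message = '') {
  shown.push(String(message));
}

// The browser calls window.onerror(message, source, lineno, colno, error).
// Chrome builds the message as "Uncaught " + the thrown value.
function reportUncaught(win, thrown) {
  if (typeof win.onerror === 'function') {
    win.onerror('Uncaught ' + String(thrown), 'about:blank', 1, 1, thrown);
  }
}

// Runs a handler body; anything it throws goes to reportUncaught.
function runInlineHandler(body) {
  const win = { onerror: null };
  shown.length = 0;
  try {
    body(win);
  } catch (thrown) {
    reportUncaught(win, thrown);
  }
  return shown.slice();
}

// Case 1: assign the function reference, as in the question's snippet.
function assignReference() {
  return runInlineHandler((win) => { win.onerror = fakeAlert; throw 1; });
}

// Case 2: write parentheses. The function runs at assignment time with no
// message, its return value (undefined) becomes the handler, and the thrown
// value is never displayed.
function assignCallResult() {
  return runInlineHandler((win) => { win.onerror = fakeAlert(); throw 1; });
}

console.log(assignReference());   // [ 'Uncaught 1' ]
console.log(assignCallResult());  // [ '' ]
```

Because the dialog is produced by the browser's own error dispatch rather than by a call written in the markup, the defence is output encoding of untrusted values and a Content-Security-Policy that disallows inline event handlers, not matching on `alert(`.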