发表新帖
发表新帖

Obfuscated javascript code with binary values?

前端 未结
关注
3 1222
面向向阳花
面向向阳花 2021-01-02 02:02

This code outputs D. The question is HOW?

alert([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[
3条回答
  • 温柔的废话
    温柔的废话 (楼主)
    2021-01-02 02:41

    It does some tricks with the javascript type conversions. As CMS pointed out, it's equivalent to: []['sort']['call']()["btoa"]("00")[1];

    They build the strings by pulling them out of things like false, etc.

    For example, to get the s in "sort":

    Get a "false": (![]+[]) -- ![] returns false and +[] converts it to a string.

    Get the value 3 with: !+[]+!+[]+!+[] - each !+[] returns true, but when you add booleans you get an integer representation. e.g. true + true = 2

    Get the s with string index access notation ("false"[3] = 's'): (![]+[]) [!+[]+!+[]+!+[]]

    And now you have an s. They keep doing that until they have enough to access whichever method or property they want.

    0 讨论(0)
 看不清?
提交回复
热议问题