Anyone want to guess what this does in javascript?
-
String.prototype.code = function(){ return (new Function('with(this) { return ' + this + '}' )).call({}); };
var s = 'alert("hello!");'
s.code();
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
modified on Sunday, May 15, 2011 12:54 PM
-
String.prototype.code = function(){ return (new Function('with(this) { return ' + this + '}' )).call({}); };
var s = 'alert("hello!");'
s.code();
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
modified on Sunday, May 15, 2011 12:54 PM
At a guess, it creates a new method 'code' on the object s, that when called sets up a recursive loop to itself? Ok, it creates a prototype method that when called from a string object reads the string and converts string value to a function that executes and displays a "Hello" message box. just tried it...... :)
Dave Find Me On: Web|Facebook|Twitter|LinkedIn
Folding Stats: Team CodeProject
modified on Sunday, May 15, 2011 7:22 AM
-
String.prototype.code = function(){ return (new Function('with(this) { return ' + this + '}' )).call({}); };
var s = 'alert("hello!");'
s.code();
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
modified on Sunday, May 15, 2011 12:54 PM
-
String.prototype.code = function(){ return (new Function('with(this) { return ' + this + '}' )).call({}); };
var s = 'alert("hello!");'
s.code();
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
modified on Sunday, May 15, 2011 12:54 PM
-
String.prototype.code = function(){ return (new Function('with(this) { return ' + this + '}' )).call({}); };
var s = 'alert("hello!");'
s.code();
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
modified on Sunday, May 15, 2011 12:54 PM
Seems to me that it's just going to alert "hello!" once and that's it, but this is probably some kind of trick-question..
-
String.prototype.code = function(){ return (new Function('with(this) { return ' + this + '}' )).call({}); };
var s = 'alert("hello!");'
s.code();
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
modified on Sunday, May 15, 2011 12:54 PM
It gives you a valid reason to avoid javascript whenever possible.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
-----
You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
-----
"Why don't you tie a kerosene-soaked rag around your ankles so the ants won't climb up and eat your candy ass." - Dale Earnhardt, 1997 -
String.prototype.code = function(){ return (new Function('with(this) { return ' + this + '}' )).call({}); };
var s = 'alert("hello!");'
s.code();
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
modified on Sunday, May 15, 2011 12:54 PM
Thank you very much. We now need an article and some techniques to protect against JavaScript Injection Attacks. :)
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
-
Is this a test?
The funniest thing about this particular signature is that by the time you realise it doesn't say anything it's too late to stop reading it.
Yea you didn't pass. Your time expired :P
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
-
At a guess, it creates a new method 'code' on the object s, that when called sets up a recursive loop to itself? Ok, it creates a prototype method that when called from a string object reads the string and converts string value to a function that executes and displays a "Hello" message box. just tried it...... :)
Dave Find Me On: Web|Facebook|Twitter|LinkedIn
Folding Stats: Team CodeProject
modified on Sunday, May 15, 2011 7:22 AM
I can sum it up in two words, Javascript Injection
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
-
Seems to me that it's just going to alert "hello!" once and that's it, but this is probably some kind of trick-question..
It's a rhetorical question dan. :laugh:
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
-
Thank you very much. We now need an article and some techniques to protect against JavaScript Injection Attacks. :)
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
If i had the time, you can write it and use my code example.
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
-
If i had the time, you can write it and use my code example.
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
I don't think I know enough about the subject to warrant an article. :)
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
-
I don't think I know enough about the subject to warrant an article. :)
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
Me neither, we should get john to do it
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
-
I don't think I know enough about the subject to warrant an article. :)
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
Here I just made a tip or trick out of it. http://www.codeproject.com/Tips/196535/Javascript-Injection-at-its-Finest-without-even-us.aspx[^]
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
-
String.prototype.code = function(){ return (new Function('with(this) { return ' + this + '}' )).call({}); };
var s = 'alert("hello!");'
s.code();
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
modified on Sunday, May 15, 2011 12:54 PM
I don't know why you needed to modify the string prototype, but Function and eval both allow you to dynamically execute javascript. You can also just type it directly into the address bar, use a bookmarklet or a debug console.
Curvature of the Mind now with 3D
-
String.prototype.code = function(){ return (new Function('with(this) { return ' + this + '}' )).call({}); };
var s = 'alert("hello!");'
s.code();
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
modified on Sunday, May 15, 2011 12:54 PM
Hi VectorX, That code fragment just tells me that JavaScript, like LISP, and PostScript, happens to be a programming language in which the distinction between groups of characters and executable code is trivial to blur. best, Bill
"Many : not conversant with mathematical studies, imagine that because it [the Analytical Engine] is to give results in numerical notation, its processes must consequently be arithmetical, numerical, rather than algebraical and analytical. This is an error. The engine can arrange and combine numerical quantities as if they were letters or any other general symbols; and it fact it might bring out its results in algebraical notation, were provisions made accordingly." Ada, Countess Lovelace, 1844
-
String.prototype.code = function(){ return (new Function('with(this) { return ' + this + '}' )).call({}); };
var s = 'alert("hello!");'
s.code();
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
modified on Sunday, May 15, 2011 12:54 PM
-
String.prototype.code = function(){ return (new Function('with(this) { return ' + this + '}' )).call({}); };
var s = 'alert("hello!");'
s.code();
"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain
modified on Sunday, May 15, 2011 12:54 PM
-
Thank you very much. We now need an article and some techniques to protect against JavaScript Injection Attacks. :)
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
There is absolutly no need to protect against Javascript injection. Just asume it is not safe. It runs on the "attackers" machine in his/her browser. They can mess with anything they want anyway. Your application defenses should be on the server side anyway. On the other hand, using Javascript's ability to dynamically eval code from string can be extremely powerfull. --- Adar Wesley
-
There is absolutly no need to protect against Javascript injection. Just asume it is not safe. It runs on the "attackers" machine in his/her browser. They can mess with anything they want anyway. Your application defenses should be on the server side anyway. On the other hand, using Javascript's ability to dynamically eval code from string can be extremely powerfull. --- Adar Wesley
I can see your point.
Adar Wesley wrote:
Your application defenses should be on the server side anyway.
Absolutely, the main defenses are the ones on the server, I agree. :)
Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum
Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.
