Anyone want to guess what this does in javascript?

M dHatter

It's a rhetorical question dan. :laugh:

"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain

M dHatter

If i had the time, you can write it and use my code example.

"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain

Luc Pattyn

I don't think I know enough about the subject to warrant an article. :)

Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum

Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.

M dHatter

Me neither, we should get john to do it

"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain

M dHatter

Here I just made a tip or trick out of it. http://www.codeproject.com/Tips/196535/Javascript-Injection-at-its-Finest-without-even-us.aspx[^]

"I do not know with what weapons World War 3 will be fought, but World War 4 will be fought with sticks and stones." Einstein "Few things are harder to put up with than the annoyance of a good example." Mark Twain

Andy Brummer

I don't know why you needed to modify the string prototype, but Function and eval both allow you to dynamically execute javascript. You can also just type it directly into the address bar, use a bookmarklet or a debug console.

Curvature of the Mind now with 3D

BillWoodruff

Hi VectorX, That code fragment just tells me that JavaScript, like LISP, and PostScript, happens to be a programming language in which the distinction between groups of characters and executable code is trivial to blur. best, Bill

"Many : not conversant with mathematical studies, imagine that because it [the Analytical Engine] is to give results in numerical notation, its processes must consequently be arithmetical, numerical, rather than algebraical and analytical. This is an error. The engine can arrange and combine numerical quantities as if they were letters or any other general symbols; and it fact it might bring out its results in algebraical notation, were provisions made accordingly." Ada, Countess Lovelace, 1844

Vic Rauch

And now, to the unexpecting, there are people on facebook asking others on facebook to copy something and paste that into the address bar. It then sends itself to all of the user's facebook friends. Very insidious!

dpminusa

I wonder what this lisp is all about. Hmmm... void(0).

"Courtesy is the product of a mature, disciplined mind ... ridicule is lack of the same - DPM"

Adar Wesley

There is absolutly no need to protect against Javascript injection. Just asume it is not safe. It runs on the "attackers" machine in his/her browser. They can mess with anything they want anyway. Your application defenses should be on the server side anyway. On the other hand, using Javascript's ability to dynamically eval code from string can be extremely powerfull. --- Adar Wesley

Luc Pattyn

I can see your point.

Adar Wesley wrote:

Your application defenses should be on the server side anyway.

Absolutely, the main defenses are the ones on the server, I agree. :)

Luc Pattyn [Forum Guidelines] [My Articles] Nil Volentibus Arduum

Please use <PRE> tags for code snippets, they preserve indentation, improve readability, and make me actually look at the code.