在javascript函数上调用toString会返回源代码 [英] Calling toString on a javascript function returns source code
问题描述
我刚刚发现当你在javascript函数上调用toString()时,就像在 myFunction.toString()中一样,返回该函数的源代码。 / p>
如果您在Firebug或Chrome控制台中尝试它,它甚至可以很好地为您格式化,即使是最小化的JavaScript文件。
我不知道对混淆文件有什么作用。
这种toString实现的用途是什么?
它有一些用于调试的功能,因为它可以让你看到函数的代码。您可以检查函数是否已被覆盖,以及变量是否指向正确的函数。
它对混淆的javascript代码有一些用途。如果你想在javascript中进行硬核混淆,你可以将整个代码转换成一堆特殊字符,不留任何数字或字母。这种技术在很大程度上依赖于能够通过强制使用 +对所有内容进行toString调用来访问大多数字母表(例如:(![ ] +)[+ []] 是 f )。某些字母如 v 只能通过在本机函数上调用toString来访问,例如 [] .sort 。字母 v 对于混淆代码非常重要,因为它允许您调用 eval ,这样可以执行任何操作,甚至循环,不使用任何字母。 以下是此示例。
I just found out that when you call toString() on a javascript function, as in myFunction.toString(), the source code of that function is returned.
If you try it in the Firebug or Chrome console it will even go as far as formatting it nicely for you, even for minimized javascript files.
I don't know what is does for obfuscated files.
What's the use of such a toString implementation?
It has some use for debugging, since it lets you see the code of the function. You can check if a function has been overwritten, and if a variable points to the right function.
It has some uses for obfuscated javascript code. If you want to do hardcore obfuscation in javascript, you can transform your whole code into a bunch of special characters, and leave no numbers or letters. This technique relies heavily on being able to access most letters of the alphabet by forcing the toString call on everything with +"" (example : (![]+"")[+[]] is f ). Some letters like v can only be accessed by calling toString on a native function like [].sort. The letter v is important for obfuscated code, since it lets you call eval, which lets you execute anything, even loops, without using any letters. Here is an example of this.
这篇关于在javascript函数上调用toString会返回源代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
