Advanced syntax: "0[constructor][constructor]()()" - How does it work to evaluate code?
Question
In a code obfuscator algorithm I see one step using this syntax:
0["constructor"]["constructor"](
    0["constructor"]["constructor"](
        "return \"alert()\""
    )()
)();
My knowledge of javascript helps me no more ...
typeof 0 => number
typeof 0["constructor"] => function
typeof 0["constructor"]["constructor"] => function
Please, can you explain what the js interpreter does to 'handle' this code? I cannot understand in which way it could work!
Also: what does the "()" at the end mean? I cannot understand the syntax.
I tried to play with the firebug js console.
Executing
0["constructor"]["constructor"](
"return \"alert()\""
)();
The console outputs "alert()" (with double quotes).
I thought it was equivalent to an eval, but it's not. Running this:
eval( "return \"alert()\"" );
only results in SyntaxError: return not in function.
Executing the first snippet of this question is fully equivalent to simply executing an alert(), so I understand that the inner code thinks the text is like a function body and executes it, so the inner one returns "alert()"; the outer reads this last string and thinks it's a function body, so it executes the code, and the result is that the alert is triggered.
But, I ask again: what does the syntax mean? What is the "()" at the end for?
0["constructor"]["constructor"](
    "some code to be evaluated"
)();
Recommended answer
This code is finding the Function constructor, calling it to create a new function with the argument as the code for the function's body, then invoking that function immediately:
Function("Some code to be evaluated")()
It does this twice, once with the String literal "return \"alert()\"", then again with the return value from the 1st function as the body for the 2nd.
var result = Function("Some code to be evaluated")()
Function(result)()
And, it gets Function by 1st finding Number from 0, then Function from Number:
console.log(0["constructor"] === Number); // true
console.log(Number["constructor"] === Function); // true
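The evaluation described in the answer, traced one stage at a time, as an added example that is not part of the original question or answer. The function names, the harmless `return "return 1 + 2"` payload and the detection regex are assumptions made for illustration.

```javascript
// Walk value.constructor.constructor and report what each hop resolves to.
function resolveChain(value) {
  const first = value["constructor"];   // Number for 0, String for "", ...
  const second = first["constructor"];  // the constructor of any function
  return { first: first.name, reachesFunction: second === Function };
}

// Run the nested call from the question stage by stage, recording each result.
function traceNested(innerBody) {
  const F = 0["constructor"]["constructor"]; // === Function
  const stage1 = F(innerBody);               // string compiled as a function body
  const stage1Result = stage1();             // the trailing () invokes it
  const stage2 = F(stage1Result);            // returned string compiled again
  return { stage1Result, stage2Result: stage2() };
}

// eval parses its argument as a script, where a top-level return is illegal.
function evalRejectsReturn(body) {
  try { eval(body); return false; }
  catch (e) { return e instanceof SyntaxError; }
}

// Functions built by Function run in global scope and cannot see the caller's
// locals, while direct eval can.
function scopeVisibility() {
  const localSecret = "local";
  const viaFunction = 0["constructor"]["constructor"]("return typeof localSecret")();
  const viaEval = eval("typeof localSecret");
  return { localLength: localSecret.length, viaFunction, viaEval };
}

// Flag the property chain in source text. Filters that only look for "eval("
// or "Function(" miss it. Limitation: a key built at run time, such as
// "con" + "structor", is not caught by this static pattern.
const HOP = String.raw`(?:\[\s*(["'\`])constructor\1\s*\]|\.\s*constructor\b)`;
const CHAIN_RE = new RegExp(HOP + String.raw`\s*` + HOP.replace("\\1", "\\2"));
function usesConstructorChain(source) {
  return CHAIN_RE.test(source);
}

// Constructed sample input; prints { stage1Result: 'return 1 + 2', stage2Result: 3 }
console.log(traceNested('return "return 1 + 2"'));
```

Any primitive or object works as the starting point, because every built-in constructor is itself a function whose `constructor` is `Function`.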