Advanced syntax: "0[constructor][constructor]()()" - How does it work to evaluate code?

Question

In a code obfuscator algorithm I see one step using this syntax:

0["constructor"]["constructor"](
    0["constructor"]["constructor"](
        "return \"alert()\""
    )()
)();

My knowledge of JavaScript helps me no more ...

typeof 0                               => number
typeof 0["constructor"]                => function
typeof 0["constructor"]["constructor"] => function  

Please, can you explain what the JS interpreter does to 'handle' this code? I cannot understand in which way it could work!

Also: what does the trailing "()" mean? I can't understand the syntax.

I tried to play with the Firebug JS console.

Executing:

0["constructor"]["constructor"](
    "return \"alert()\""
)();

The console outputs "alert()" (with double quotes).

I thought it was equivalent to an eval, but it's not. Running this:

eval( "return \"alert()\"" );

only results in SyntaxError: return not in function.

Executing the first snippet of this question is fully equivalent to simply executing an alert(), so I understand that the inner code thinks the text is like a function body and executes it, so the inner is returning "alert()"; the outer reads this last string and thinks it's a function body, so it executes the code, and the result is that the alert is triggered.

But, I ask again: what does the syntax mean? What is the trailing "()" for?

0["constructor"]["constructor"](
    "some code to be evaluted"
)();

Recommended answer

This code is finding the Function constructor, calling it to create a new function with the argument as the code for the function's body, then invoking that function immediately:

Function("Some code to be evaluated")()

It does this twice, once with the String literal "return \"alert()\"", then again with the return value from the 1st function as the body for the 2nd.

var result = Function("Some code to be evaluated")()
Function(result)()

And, it gets Function by 1st finding Number from 0, then Function from Number:

console.log(0["constructor"] === Number); // true
console.log(Number["constructor"] === Function); // true
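
Added example (not part of the original answer): because Number inherits its "constructor" property from Function.prototype, an analyst can swap that one property for a recording stub and see each string the chain would compile, without compiling any of it. The names captureCompiledBodies and constructedSample are made up for this illustration.

```javascript
// Added illustration; captureCompiledBodies and constructedSample are hypothetical names.
function captureCompiledBodies(run) {
  const original = Function.prototype.constructor;
  const seen = [];
  // Number has no own "constructor"; it inherits Function.prototype.constructor,
  // so this stub is what 0["constructor"]["constructor"] resolves to while installed.
  Function.prototype.constructor = function (...args) {
    const body = String(args[args.length - 1] ?? "");
    seen.push(body);
    // Emulate only a layer of the form `return "<string literal>"`, so the next
    // layer receives its body. Nothing is compiled or executed here.
    const m = /^\s*return\s+("(?:[^"\\]|\\.)*")\s*;?\s*$/.exec(body);
    let value;
    try {
      value = m ? JSON.parse(m[1]) : undefined;
    } catch {
      value = undefined; // JS-only escapes such as \x41 are not valid JSON
    }
    return () => value;
  };
  try {
    run();
  } finally {
    Function.prototype.constructor = original; // always restore the real one
  }
  return seen;
}

// Constructed sample: the two-layer expression from the question.
function constructedSample() {
  0["constructor"]["constructor"](
    0["constructor"]["constructor"]("return \"alert()\"")()
  )();
}

console.log(captureCompiledBodies(constructedSample));
```

The stub only sees lookups that go through a ".constructor" property; code that names the global Function directly is not intercepted.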
