What exactly is (alert(1),"") in javascript [duplicate] - javascript

This question already has answers here:
What does the comma operator do in JavaScript?
(5 answers)
Closed 2 years ago.
I tried doing Google Gruyere's XSS challenges (http://google-gruyere.appspot.com/part2), and at the stored AJAX XSS challenge they have the following code part for the JSON response:
all <span style=display:none>"
+ (alert(1),"")
+ "</span>your base
The interesting part is: (alert(1),"")
According to the solution provided, the empty string gets returned. According to my testing, the alert(1) still gets executed.
Is this some sort of function shorthand, or what would this be called in JS?
Why does it execute the alert, but then return the empty string?
Thank you very much for any help!
Best regards,
Rolf

This is the comma operator. The code executes alert(1), discards its return value, then evaluates "". Since this is the last item in the expression, its value is returned, which is the empty string.
The tutorial I linked describes it as follows:
The comma operator in JavaScript evaluates each of its operands. It returns the value of the last operand. Add multiple expressions using the comma operator.
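The behaviour described in the answer above, as an added example that is not part of the original post or of Gruyere's code. It assumes a client that turns the response into an object with eval; the response body, the alert stub and the function names are constructed for illustration. It shows the side effect firing while the string value stays clean, and JSON.parse rejecting the same body without running anything.

```javascript
// Stub standing in for the browser's alert(); it records each call
// so the side effect of the comma expression can be observed.
const calls = [];
function alert(msg) { calls.push(msg); }

// Constructed response body: injected text closed the string literal
// and spliced in the expression from the question.
const body =
  '{"message": "all <span style=display:none>" + (alert(1),"") + "</span>your base"}';

// Legacy pattern (assumed here): treat the response as JavaScript source.
// The comma operator runs alert(1), then yields "", so the resulting
// string shows no trace of the call.
function parseWithEval(text) {
  return eval('(' + text + ')'); // direct eval can see the alert stub
}

// Hardened pattern: JSON.parse accepts only JSON grammar, so the
// concatenation is a syntax error and no code is executed.
function parseWithJsonParse(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

function demo() {
  calls.length = 0;
  const evaluated = parseWithEval(body);
  const callsAfterEval = calls.slice();

  calls.length = 0;
  const parsed = parseWithJsonParse(body);
  return { evaluated, callsAfterEval, parsed, callsAfterParse: calls.slice() };
}

console.log(demo());
```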

Related

What is this bracket sequence syntax called in JS? [duplicate]

This question already has answers here:
What does the comma operator do in JavaScript?
(5 answers)
Closed 2 years ago.
I really don't know what to google to find out the name for this syntax:
(1,2) seems to evaluate to 2
(1,2,3,"cake") seems to evaluate to "cake".
etc
This is sometimes useful in anonymous functions in Array.reduce, where you need to perform a sequence of operations (say an increment) and also return the element on the right.
But where can I read about it and what's it called?
It's just the comma operator: it evaluates each of its operands (from left to right) and returns the value of the last operand.

Is there any reason not to use the plus operator instead of Number() or parseInt() to return a number? [duplicate]

This question already has answers here:
parseInt vs unary plus, when to use which?
(6 answers)
What is the difference between parseInt() and Number()?
(11 answers)
Closed 4 years ago.
Basically, I'm trying to figure out what the difference is between these 3 statements? Is there any reason to use one instead of the others? Is the first one bad practice (it works but I never see it and doesn't seem to be taught anywhere)?
+'21';
Number('21');
parseInt('21');
parseInt parses the string up to the first non-digit number and returns what it found.
For example: parseInt('123abc') // returns 123;
Number tries to convert the entire string into a number if it can.
For example: Number('123abc') // returns NaN
Unary plus operator can also be used to convert a string into a number, but it is not very readable when it is being used with other expressions and operators
Internally, +'21' will work in the same way as Number('21') * 1
As far as I know the first two are completely equivalent, and the choice between them is a matter of taste. (Personally I prefer the unary + because it's more concise, and well understood by most JS developers.)
parseInt is different because it reads a number value from the start of the string and ignores the rest when it reaches a non-numeric character. A common use is getting the underlying number from a CSS value like "20px". Note that the other two methods would fail with a NaN in this case.
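How the three conversions from the question differ on input a validator might receive, as an added example that is not part of the original posts. The sample strings are constructed, parseInt is called with an explicit radix of 10 (the question omits it), and parseStrictInt is a hypothetical helper showing one way to reject everything except a plain decimal integer.

```javascript
// Run one string through the three conversions discussed above.
function compare(s) {
  return { unaryPlus: +s, number: Number(s), parseInt10: parseInt(s, 10) };
}

// Hypothetical strict parser for untrusted input: optional sign plus
// decimal digits only, and the result must be exactly representable.
function parseStrictInt(s) {
  if (typeof s !== 'string' || !/^[+-]?\d+$/.test(s)) return null;
  const n = Number(s);
  return Number.isSafeInteger(n) ? n : null;
}

// Constructed inputs covering the cases where the conversions disagree.
const samples = ['21', '123abc', '20px', '', '  42  ', '0x1f', '1e3', '12.5'];

function table() {
  return samples.map((s) => ({ input: s, ...compare(s), strict: parseStrictInt(s) }));
}

// Notable rows:
//   '123abc' : + and Number give NaN, parseInt gives 123 (trailing text ignored)
//   ''       : + and Number give 0,   parseInt gives NaN
//   '0x1f'   : + and Number give 31,  parseInt(s, 10) gives 0
//   '1e3'    : + and Number give 1000, parseInt gives 1
//   '  42  ' : all three give 42, the strict parser rejects it
console.table(table());
```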

Javascript Boolean Validation [duplicate]

This question already has an answer here:
(![]+[])[+[]]... Explain why this works
(1 answer)
Closed 4 years ago.
My question is about boolean validation of below expression.
If you run (!+[]+[]+![]) in your JS console, it returns us 'truefalse'.
How is it possible? How does this logic work?
First part !+[] returns true as a Boolean. Second part []+![] is "false" as String. Concatenating Boolean with String converts the result to string and gives you at the end "truefalse".
Here is a deep explanation of JSFuck:
https://github.com/aemkei/jsfuck#how-it-works

Why does a method like `toString` require two dots after a number? [duplicate]

This question already has answers here:
Why does 10..toString() work, but 10.toString() does not? [duplicate]
(3 answers)
Closed 5 years ago.
What is the logic behind 42..toString() with ..?
The double dot works and returns the string "42", whereas 42.toString() with a single dot fails.
Similarly, 42...toString() with three dots also fails.
Can anyone explain this behavior?
console.log(42..toString());
console.log(42.toString());
When you enter 42.toString() it will be parsed as 42 with decimal value "toString()" which is of course illegal. 42..toString() is simply a short version of 42.0.toString() which is fine. To get the first one to work you can simply put parentheses around it: (42).toString().
It is like 42.0.toString(), so it shows the decimal point. You can use (42).toString() or 42 .toString(); that also works, since there is a space between 42 and the dot. This is all because in JavaScript almost everything is an object, hence the confusion with the dot operator.
With just 42.toString(); it's trying to parse as a number with a decimal, and it fails.
When we write 42..toString(); it is taken as 42.0.toString();
We can get the correct output with
(42).toString();
(42.).toString();
You can refer to the link for .toString() usage.

How can '+myVar;' be a valid syntax [duplicate]

This question already has answers here:
Explain +var and -var unary operator in javascript
(7 answers)
Closed 6 years ago.
I just got a bug that took some of my time to spot: my search filters weren't working because of the following code:
queryObject.search='valid==true';+searchQuery;
The correct syntax is to move the ';' into the string:
queryObject.search='valid==true;'+searchQuery;
The reason why I didn't spot that is because the earlier line of code didn't trigger any JavaScript console error. So it seems it's a valid syntax.
So here is my question, how can this be a valid syntax ?
+something is an expression using the plus unary operator.
Its general purpose is to convert a value, for example a string, to a number.
+ is a unary operator, which tries to get a numeric value from a variable.
There is a thread about it.
