Through AJAX I receive random string (built at RUNTIME on the server) that contain some JavaScript code like:
Plugins.add('test', function()
{
return
{
html: '<div>test</div>',//EDITED
width: 200
}
});//EDITED
In the client I want to be able to execute this code. I tried using eval function like this
eval("(" + str + ")");
but I get error. I removed all "\r\n" and removed the last ";"(semicolon) and after that eval function succeeded. But, If I add some comment to the code above, eval fails.
How I can run the code from the string?
Just remove those parenthesis:
eval(str);
asssuming that you made a typo in your question and your server is sending the missing end parenthesis and comma within the object:
Plugins.add('test', function()
{
return {
html: '<div>test</div>', // <-- comma was missing
width: 200
};
}
); // <-- was missing
Note that eval() is considered "evil" as it is very dangerous.
new Function(str)()
or for JSON:
new Function('return ' + str)();
If it happens to fit your needs any better than eval. It's still evil like eval.
You are missing a comma in your object literal. Return on its own line will simply drop out of the function. I assume you want to return the object. You need to specify the return value on the same line.
Plugins.add('test', function() {
var ret = {
html: '<div>test</div>',
width: 200,
}
return ret
};
You could return your string with a content type of "text/javascript" or "application/x-javascript" - the return value will be executed as JavaScript as soon as it is returned.
Related
I have tried to do it, but all I get is that output: ---> Symbol(Test)
Is it even possible to get output like this(with single quotes in it): ---> Symbol('Test')
function getUnique(param) {
param = Symbol(param);
return param;
}
console.log(getUnique('Test')) // Symbol('Test') <--- I need to get that output
[Updated] Not sure if this is what you want...
function getUnique(param) {
param = Symbol("'" + param + "'");
return param;
}
console.log(getUnique('Test'))
The representation of what gets printed at the console is implementation dependent and could even vary from version to version of the same implementation. Running it in latest chrome gives an output of Symbol(Test) and firefox gives Symbol("Test"). It's the same thing either way: the console printed output is just a representation of the thing. It isn't actually any different, it's still a unique Symbol 'Test'.
I may be completely misunderstanding your question, but if you mean
Symbol('Test') <--- I need to get that output
You can append the single quote characters to the string like so:
const getUnique = (param) => {
const sym = Symbol(param);
return sym;
}
console.log(getUnique(`'test'`))
So I came across an interesting piece of javascript that I can't quit figure out. It appears to me at first to be either regex function or a unicode string, that is then passed onto an eval function for processing. I have been trying for quite some time to decode it, but I don't seem to be making any headway. I'm hoping someone might be able to tell me what is going on here, and maybe show me how to decode it.
Edit: So it turns out that the code I posted before was flawed from a previous decoding attempt. This is the corrected code.
$(window).load(function() {
var d = '960';
var d1 = '960';
var q = 'u94';
var uw = $("#u94");
var _0xf924 = ["1m B=[\"\\a\\l\\v\\e\\k\\t\\d\\s\\9\\a\\a\\9\\a\\e\\9\\h\\g\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\h\\e\\9\\a\\k\\9\\a\\i\\9\\h\\e\\9\\h\\k\\9\\b\\b\\l\\9\\k\\b\\9\\a\\a\\9\\a\\e\\9\\h\\g\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\h\\e\\9\\k\\g\\9\\k\\j\\9\\h\\e\\9\\h\\k\\s\\m\\s\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\s\\m\\s\\9\\a\\f\\9\\a\\g\\9\\a\\g\\9\\a\\k\\s\\m\\s\\9\\b\\g\\f\\9\\f\\j\\9\\a\\f\\9\\h\\b\\9\\a\\j\\s\\m\\s\\9\\h\\g\\9\\a\\e\\9\\f\\e\\9\\a\\e\\9\\h\\l\\9\\f\\l\\9\\a\\j\\s\\m\\s\\9\\h\\f\\9\\f\\e\\9\\f\\e\\s\\m\\s\\9\\h\\a\\9\\h\\b\\9\\a\\k\\9\\f\\j\\9\\a\\j\\9\\f\\l\\9\\a\\j\\9\\f\\k\\s\\m\\s\\9\\b\\b\\g\\9\\a\\e\\9\\f\\i\\9\\a\\a\\s\\m\\s\\9\\h\\a\\9\\b\\j\\l\\9\\i\\i\\9\\a\\g\\9\\a\\g\\9\\a\\h\\9\\f\\i\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\k\\h\\9\\a\\k\\9\\a\\i\\9\\k\\h\\9\\h\\k\\9\\b\\b\\l\\9\\k\\b\\9\\h\\a\\9\\b\\j\\l\\9\\i\\i\\9\\a\\g\\9\\a\\g\\9\\a\\h\\9\\f\\i\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\k\\h\\9\\a\\k\\9\\a\\i\\9\\k\\h\\9\\h\\k\\s\\m\\s\\9\\a\\e\\9\\a\\a\\s\\m\\s\\9\\f\\k\\9\\a\\f\\9\\a\\g\\9\\h\\f\\9\\a\\i\\s\\m\\s\\9\\f\\k\\9\\a\\f\\9\\f\\j\\s\\m\\s\\9\\f\\e\\9\\f\\j\\9\\f\\l\\9\\a\\e\\9\\a\\g\\s\\m\\s\\9\\k\\g\\9\\k\\j\\s\\m\\s\\9\\a\\k\\9\\a\\i\\s\\m\\s\\s\\m\\s\\9\\k\\g\\9\\a\\i\\s\\m\\s\\9\\k\\b\\s\\m\\s\\9\\a\\k\\9\\a\\j\\9\\f\\j\\9\\f\\l\\9\\a\\f\\9\\h\\f\\9\\a\\j\\s\\m\\s\\9\\b\\g\\e\\9\\a\\h\\9\\a\\h\\9\\b\\g\\e\\9\\a\\j\\9\\a\\j\\9\\f\\a\\9\\k\\g\\9\\a\\j\\9\\f\\e\\9\\f\\j\\9\\a\\h\\9\\f\\i\\9\\f\\e\\9\\a\\e\\9\\h\\g\\9\\a\\j\\9\\f\\a\\9\\k\\j\\9\\a\\j\\9\\a\\e\\9\\h\\b\\9\\a\\i\\9\\a\\g\\s\\m\\s\\9\\a\\f\\9\\a\\a\\9\\a\\a\\9\\b\\l\\g\\9\\f\\l\\9\\a\\f\\9\\f\\e\\9\\f\\e\\s\\m\\s\\9\\h\\l\\9\\a\\h\\9\\a\\a\\9\\b\\j\\g\\s\\m\\s\\9\\h\\a\\9\\h\\l\\9\\a\\k\\9\\a\\j\\9\\a\\f\\9\\b\\j\\f\\9\\f\\j\\9\\a\\h\\9\\a\\e\\9\\f\\i\\9\\a\\g\\9\\h\\a\\9\\a\\f\\9\\h\\f\\9\\a\\g\\9\\a\\e\\9\\h\\g\\9\\a\\j\\s\\m\\s\\9\\a\\i\\9\\a\\f\\9\\f\\e\\9\\b\\l\\g\\9\\f\\l\\9\\a\\f\\9\\f\\e\\9\\f\\e\\s\\m\\s\\9\\b\\g\\f\\s\\m\\s\\9\\f\\k\\9\\a\\e\\9\\f\\i\\9\\f\\a\\9\\k\\f\\9\\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\a\\a\\9\\a\\f\\9\\a\\g\\9\\a\\f\\s\\m\\s\\9\\f\\k\\9\\a\\f\\9\\b\\l\\l\\9\\f\\a\\9\\k\\f\\9\\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\i\\i\\9\\f\\i\\9\\a\\a\\9\\a\\j\\9\\b\\b\\g\\9\\a\\e\\9\\f\\i\\9\\a\\j\\9\\a\\a\\s\\m\\s\\9\\f\\j\\9\\a\\f\\9\\h\\b\\9\\a\\j\\s\\m\\s\\9\\b\\g\\e\\9\\a\\h\\9\\a\\h\\9\\b\\g\\e\\9\\a\\j\\9\\a\\j\\9\\h\\a\\9\\h\\f\\9\\a\\h\\9\\f\\k\\9\\f\\a\\s\\m\\s\\9\\h\\a\\9\\h\\l\\9\\a\\k\\9\\a\\j\\9\\a\\f\\9\\b\\j\\f\\9\\f\\j\\9\\a\\h\\9\\a\\e\\9\\f\\i\\9\\a\\g\\9\\h\\a\\9\\a\\f\\9\\h\\f\\9\\a\\g\\9\\a\\e\\9\\h\\g\\9\\a\\j\\9\\k\\b\\9\\b\\g\\f\\9\\f\\j\\9\\a\\f\\9\\h\\b\\9\\a\\j\\s\\m\\s\\9\\a\\a\\9\\a\\f\\9\\a\\g\\9\\a\\f\\9\\f\\a\\9\\a\\i\\9\\b\\b\\g\\9\\b\\l\\j\\s\\m\\s\\9\\a\\i\\9\\a\\j\\9\\a\\e\\9\\h\\b\\9\\a\\i\\9\\a\\g\\s\\m\\s\\9\\f\\k\\9\\a\\e\\9\\f\\i\\9\\f\\a\\9\\a\\i\\9\\a\\j\\9\\a\\e\\9\\h\\b\\9\\a\\i\\9\\a\\g\\s\\m\\s\\9\\a\\h\\9\\i\\i\\9\\a\\g\\9\\a\\j\\9\\a\\k\\9\\k\\j\\9\\a\\j\\9\\a\\e\\9\\h\\b\\9\\a\\i\\9\\a\\g\\s\\m\\s\\9\\f\\j\\9\\b\\l\\l\\s\\m\\s\\9\\f\\j\\9\\a\\f\\9\\a\\a\\9\\a\\a\\9\\a\\e\\9\\f\\i\\9\\h\\b\\9\\f\\a\\9\\a\\g\\9\\a\\h\\9\\f\\j\\s\\m\\s\\9\\f\\j\\9\\a\\f\\9\\a\\a\\9\\a\\a\\9\\a\\e\\9\\f\\i\\9\\h\\b\\9\\f\\a\\9\\h\\l\\9\\a\\h\\9\\a\\g\\9\\a\\g\\9\\a\\h\\9\\f\\k\\s\\m\\s\\9\\a\\h\\9\\i\\i\\9\\a\\g\\9\\a\\j\\9\\a\\k\\9\\b\\e\\g\\9\\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\k\\f\\9\\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\a\\k\\9\\a\\j\\9\\f\\k\\9\\a\\h\\9\\h\\g\\9\\a\\j\\s\\m\\s\\9\\h\\l\\9\\a\\h\\9\\a\\k\\9\\a\\a\\9\\a\\j\\9\\a\\k\\9\\f\\a\\9\\a\\g\\9\\a\\h\\9\\f\\j\\9\\f\\a\\9\\k\\f\\9\\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\h\\l\\9\\a\\h\\9\\a\\k\\9\\a\\a\\9\\a\\j\\9\\a\\k\\9\\f\\a\\9\\h\\l\\9\\a\\h\\9\\a\\g\\9\\a\\g\\9\\a\\h\\9\\f\\k\\9\\f\\a\\9\\k\\f\\9\\a\\e\\9\\a\\a\\9\\a\\g\\9\\a\\i\\s\\m\\s\\9\\a\\k\\9\\a\\j\\9\\f\\e\\9\\a\\e\\9\\b\\l\\j\\9\\a\\j\\s\\m\\s\\9\\a\\k\\9\\a\\j\\9\\f\\k\\9\\a\\h\\9\\h\\g\\9\\a\\j\\9\\b\\l\\k\\9\\a\\g\\9\\a\\g\\9\\a\\k\\s\\m\\s\\9\\a\\j\\9\\a\\f\\9\\h\\f\\9\\a\\i\\s\\m\\s\\9\\h\\h\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\h\\e\\9\\a\\k\\9\\a\\i\\9\\h\\e\\9\\h\\k\\9\\b\\b\\l\\9\\k\\b\\9\\a\\a\\9\\a\\e\\9\\h\\g\\9\\i\\j\\9\\a\\g\\9\\a\\e\\9\\a\\g\\9\\f\\l\\9\\a\\j\\9\\h\\h\\9\\i\\b\\9\\h\\e\\9\\k\\g\\9\\k\\j\\9\\h\\e\\9\\h\\k\\s\\c\\u\\a\\l\\v\\b\\l\\a\\t\\x\\r\\e\\k\\d\\g\\c\\q\\u\\a\\l\\v\\b\\j\\h\\t\\b\\l\\a\\d\\e\\k\\d\\j\\c\\c\\r\\e\\k\\d\\b\\c\\q\\u\\f\\h\\r\\X\\x\\r\\e\\k\\d\\l\\c\\q\\d\\g\\c\\q\\z\\b\\l\\h\\d\\e\\k\\d\\a\\c\\c\\r\\z\\s\\9\\h\\g\\9\\a\\e\\9\\f\\e\\9\\a\\e\\9\\h\\l\\9\\a\\e\\9\\f\\l\\9\\a\\e\\9\\a\\g\\9\\b\\j\\g\\s\\1f\\e\\k\\d\\e\\c\\A\\q\\A\\u\\x\\r\\e\\k\\d\\i\\c\\q\\d\\e\\k\\d\\h\\c\\c\\r\\e\\k\\d\\f\\c\\q\\d\\e\\k\\d\\j\\c\\c\\r\\e\\k\\d\\b\\c\\m\\b\\j\\h\\q\\u\\x\\r\\e\\k\\d\\e\\h\\c\\q\\d\\e\\k\\d\\e\\f\\c\\c\\r\\k\\k\\r\\q\\z\\a\\l\\v\\h\\j\\t\\d\\e\\k\\d\\k\\c\\m\\e\\k\\d\\j\\c\\m\\e\\k\\d\\b\\c\\m\\e\\k\\d\\b\\g\\c\\m\\e\\k\\d\\b\\b\\c\\m\\e\\k\\d\\b\\j\\c\\c\\u\\a\\l\\v\\i\\g\\t\\x\\r\\b\\l\\f\\q\\u\\a\\l\\v\\i\\a\\t\\i\\g\\d\\h\\j\\d\\b\\c\\c\\r\\h\\j\\d\\g\\c\\q\\u\\a\\l\\v\\b\\b\\k\\t\\i\\g\\d\\h\\j\\d\\b\\c\\c\\r\\h\\j\\d\\j\\c\\q\\u\\a\\l\\v\\b\\g\\a\\t\\z\\A\\u\\b\\b\\k\\d\\h\\j\\d\\a\\c\\c\\r\\q\\d\\h\\j\\d\\e\\c\\c\\r\\k\\k\\r\\b\\b\\i\\q\\z\\b\\g\\a\\d\\b\\b\\i\\d\\h\\j\\d\\l\\c\\c\\r\\D\\d\\b\\e\\b\\S\\b\\l\\i\\c\\y\\D\\b\\j\\b\\q\\d\\g\\c\\c\\t\\b\\b\\i\\d\\h\\j\\d\\l\\c\\c\\r\\D\\d\\g\\S\\k\\c\\y\\D\\b\\j\\b\\q\\d\\g\\c\\A\\q\\u\\a\\l\\v\\f\\b\\t\\d\\e\\k\\d\\b\\l\\c\\m\\e\\k\\d\\b\\e\\c\\m\\e\\k\\d\\b\\a\\c\\m\\e\\k\\d\\b\\f\\c\\m\\e\\k\\d\\b\\h\\c\\m\\e\\k\\d\\b\\i\\c\\m\\e\\k\\d\\b\\c\\m\\e\\k\\d\\j\\c\\c\\u\\a\\l\\v\\h\\i\\t\\b\\g\\a\\d\\f\\b\\d\\g\\c\\c\\u\\f\\h\\r\\h\\i\\t\\t\\b\\e\\l\\q\\z\\h\\i\\t\\b\\g\\a\\d\\f\\b\\d\\b\\c\\c\\A\\u\\a\\l\\v\\b\\j\\e\\t\\f\\b\\d\\b\\c\\y\\h\\i\\y\\f\\b\\d\\j\\c\\u\\a\\l\\v\\b\\j\\a\\t\\f\\b\\d\\l\\c\\y\\h\\i\\y\\f\\b\\d\\j\\c\\u\\a\\l\\v\\b\\j\\j\\t\\b\\b\\k\\d\\f\\b\\d\\a\\c\\c\\r\\b\\j\\e\\m\\f\\b\\d\\j\\c\\q\\d\\f\\b\\d\\a\\c\\c\\r\\b\\j\\a\\m\\f\\b\\d\\j\\c\\q\\d\\f\\b\\d\\a\\c\\c\\r\\f\\b\\d\\e\\c\\m\\f\\b\\d\\j\\c\\q\\u\\i\\g\\d\\f\\b\\d\\h\\c\\c\\r\\f\\b\\d\\f\\c\\m\\b\\j\\j\\q\\u\\a\\l\\v\\b\\g\\l\\t\\g\\u\\f\\h\\r\\h\\i\\t\\t\\f\\b\\d\\j\\c\\q\\z\\b\\g\\l\\t\\b\\A\\u\\a\\l\\v\\a\\b\\t\\d\\e\\k\\d\\b\\k\\c\\m\\e\\k\\d\\j\\g\\c\\m\\e\\k\\d\\j\\b\\c\\m\\e\\k\\d\\j\\j\\c\\m\\e\\k\\d\\j\\l\\c\\m\\e\\k\\d\\j\\e\\c\\m\\e\\k\\d\\h\\c\\m\\e\\k\\d\\j\\a\\c\\m\\e\\k\\d\\j\\f\\c\\m\\e\\k\\d\\j\\h\\c\\m\\e\\k\\d\\k\\c\\m\\e\\k\\d\\j\\c\\m\\e\\k\\d\\b\\a\\c\\m\\e\\k\\d\\j\\i\\c\\m\\e\\k\\d\\j\\k\\c\\m\\e\\k\\d\\l\\g\\c\\m\\e\\k\\d\\l\\b\\c\\m\\e\\k\\d\\l\\j\\c\\m\\e\\k\\d\\l\\l\\c\\m\\e\\k\\d\\a\\c\\m\\e\\k\\d\\l\\e\\c\\m\\e\\k\\d\\l\\a\\c\\m\\e\\k\\d\\l\\f\\c\\m\\e\\k\\d\\b\\i\\c\\m\\e\\k\\d\\l\\h\\c\\m\\e\\k\\d\\l\\i\\c\\m\\e\\k\\d\\l\\c\\m\\e\\k\\d\\l\\k\\c\\m\\e\\k\\d\\e\\g\\c\\m\\e\\k\\d\\e\\b\\c\\m\\e\\k\\d\\e\\j\\c\\m\\e\\k\\d\\e\\l\\c\\m\\e\\k\\d\\e\\e\\c\\m\\e\\k\\d\\b\\c\\m\\e\\k\\d\\e\\a\\c\\c\\u\\a\\l\\v\\b\\b\\b\\t\\g\\u\\a\\l\\v\\b\\e\\j\\t\\g\\u\\a\\l\\v\\b\\b\\e\\t\\g\\u\\a\\l\\v\\k\\e\\t\\g\\u\\a\\l\\v\\k\\l\\t\\g\\u\\x\\r\\a\\b\\d\\j\\c\\q\\d\\a\\b\\d\\b\\c\\c\\r\\a\\b\\d\\g\\c\\q\\u\\k\\k\\v\\b\\b\\f\\r\\q\\z\\a\\l\\v\\e\\i\\t\\d\\a\\b\\d\\l\\c\\m\\a\\b\\d\\g\\c\\m\\a\\b\\d\\e\\c\\m\\a\\b\\d\\j\\c\\m\\a\\b\\d\\a\\c\\m\\a\\b\\d\\f\\c\\m\\a\\b\\d\\h\\c\\m\\a\\b\\d\\i\\c\\m\\a\\b\\d\\k\\c\\m\\a\\b\\d\\b\\g\\c\\m\\a\\b\\d\\b\\b\\c\\m\\a\\b\\d\\b\\j\\c\\m\\a\\b\\d\\b\\l\\c\\m\\a\\b\\d\\b\\e\\c\\m\\a\\b\\d\\b\\a\\c\\m\\a\\b\\d\\b\\c\\m\\a\\b\\d\\b\\f\\c\\m\\a\\b\\d\\b\\h\\c\\m\\a\\b\\d\\b\\i\\c\\m\\a\\b\\d\\b\\k\\c\\m\\a\\b\\d\\j\\g\\c\\m\\a\\b\\d\\j\\b\\c\\m\\a\\b\\d\\j\\j\\c\\m\\a\\b\\d\\j\\l\\c\\m\\a\\b\\d\\j\\e\\c\\m\\a\\b\\d\\j\\a\\c\\m\\a\\b\\d\\j\\f\\c\\m\\a\\b\\d\\j\\h\\c\\m\\a\\b\\d\\j\\i\\c\\m\\a\\b\\d\\j\\k\\c\\c\\u\\f\\h\\r\\x\\r\\e\\i\\d\\g\\c\\q\\d\\g\\c\\Q\\Q\\x\\r\\e\\i\\d\\l\\c\\q\\d\\e\\i\\d\\j\\c\\c\\r\\e\\i\\d\\b\\c\\q\\q\\z\\a\\l\\v\\f\\f\\t\\x\\r\\e\\i\\d\\g\\c\\q\\d\\e\\i\\d\\a\\c\\c\\r\\e\\i\\d\\e\\c\\y\\i\\a\\q\\u\\a\\l\\v\\b\\l\\e\\t\\x\\r\\e\\i\\d\\g\\c\\q\\d\\e\\i\\d\\h\\c\\c\\r\\e\\i\\d\\f\\c\\q\\u\\a\\l\\v\\i\\l\\t\\x\\r\\e\\i\\d\\g\\c\\q\\d\\e\\i\\d\\h\\c\\c\\r\\e\\i\\d\\i\\c\\q\\u\\a\\l\\v\\i\\h\\t\\x\\r\\e\\i\\d\\g\\c\\q\\d\\e\\i\\d\\b\\g\\c\\c\\r\\e\\i\\d\\k\\c\\q\\u\\f\\h\\r\\e\\i\\d\\b\\b\\c\\y\\i\\l\\y\\e\\i\\d\\b\\b\\c\\t\\t\\t\\e\\i\\d\\b\\j\\c\\q\\z\\i\\l\\t\\b\\l\\e\\A\\A\\b\\g\\i\\z\\a\\l\\v\\f\\f\\t\\i\\g\\u\\a\\l\\v\\i\\h\\t\\e\\i\\d\\b\\l\\c\\u\\a\\l\\v\\i\\l\\t\\b\\g\\j\\A\\u\\x\\r\\e\\i\\d\\b\\f\\c\\q\\d\\e\\i\\d\\b\\a\\c\\c\\r\\e\\i\\d\\b\\e\\c\\y\\i\\k\\q\\u\\x\\r\\e\\i\\d\\g\\c\\q\\d\\e\\i\\d\\b\\g\\c\\c\\r\\e\\i\\d\\b\\h\\c\\m\\e\\i\\d\\b\\c\\q\\u\\f\\h\\r\\b\\b\\b\\X\\t\\i\\h\\q\\z\\f\\f\\t\\x\\r\\e\\i\\d\\e\\c\\y\\i\\h\\q\\d\\e\\i\\d\\a\\c\\c\\r\\e\\i\\d\\e\\c\\y\\i\\a\\q\\u\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\b\\i\\c\\m\\e\\i\\d\\b\\b\\c\\q\\u\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\j\\g\\c\\m\\e\\i\\d\\b\\b\\c\\q\\u\\b\\b\\e\\t\\f\\f\\d\\e\\i\\d\\j\\b\\c\\c\\r\\q\\u\\k\\e\\t\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\j\\e\\c\\q\\d\\e\\i\\d\\j\\l\\c\\c\\r\\e\\i\\d\\j\\j\\c\\m\\e\\i\\d\\b\\b\\c\\q\\u\\k\\e\\t\\i\\f\\r\\k\\e\\q\\u\\k\\l\\t\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\j\\a\\c\\q\\d\\e\\i\\d\\j\\l\\c\\c\\r\\e\\i\\d\\j\\j\\c\\m\\e\\i\\d\\b\\b\\c\\q\\u\\k\\l\\t\\i\\f\\r\\k\\l\\q\\u\\b\\b\\b\\t\\i\\h\\A\\u\\a\\l\\v\\i\\k\\t\\x\\r\\e\\i\\d\\j\\f\\c\\q\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\i\\c\\q\\d\\e\\i\\d\\j\\l\\c\\c\\r\\e\\i\\d\\j\\j\\c\\m\\e\\i\\d\\b\\b\\c\\q\\u\\a\\l\\v\\i\\k\\t\\i\\f\\r\\i\\k\\q\\u\\a\\l\\v\\b\\b\\h\\t\\f\\f\\d\\e\\i\\d\\j\\h\\c\\c\\r\\q\\u\\a\\l\\v\\b\\g\\b\\t\\x\\r\\k\\i\\q\\d\\e\\i\\d\\j\\i\\c\\c\\r\\q\\u\\f\\h\\r\\X\\x\\r\\e\\i\\d\\l\\c\\q\\d\\e\\i\\d\\j\\c\\c\\r\\e\\i\\d\\b\\c\\q\\q\\z\\x\\r\\e\\i\\d\\e\\c\\y\\i\\a\\q\\d\\e\\i\\d\\j\\k\\c\\c\\r\\q\\A\\u\\f\\h\\r\\b\\g\\b\\1g\\i\\l\\q\\z\\b\\b\\j\\t\\i\\l\\A\\b\\g\\i\\z\\b\\b\\j\\t\\b\\g\\j\\A\\u\\a\\l\\v\\b\\b\\a\\t\\r\\b\\b\\h\\D\\b\\g\\b\\q\\Y\\b\\b\\j\\u\\f\\h\\r\\b\\g\\b\\1d\\b\\g\\j\\Q\\Q\\i\\k\\t\\t\\b\\g\\j\\q\\z\\b\\b\\a\\t\\f\\f\\d\\e\\i\\d\\j\\i\\c\\c\\r\\q\\A\\u\\a\\l\\v\\b\\l\\b\\t\\b\\b\\e\\D\\b\\b\\a\\u\\a\\l\\v\\b\\g\\k\\t\\r\\b\\l\\b\\Y\\b\\b\\h\\q\\S\\r\\k\\e\\y\\k\\l\\q\\u\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\j\\g\\c\\m\\b\\g\\k\\y\\e\\i\\d\\j\\j\\c\\q\\u\\f\\f\\d\\e\\i\\d\\b\\k\\c\\c\\r\\e\\i\\d\\b\\i\\c\\m\\b\\g\\k\\y\\e\\i\\d\\j\\j\\c\\q\\A\\k\\k\\v\\b\\g\\h\\r\\q\\z\\a\\l\\v\\f\\g\\t\\d\\a\\b\\d\\l\\c\\m\\a\\b\\d\\a\\c\\m\\a\\b\\d\\f\\c\\m\\a\\b\\d\\b\\i\\c\\m\\a\\b\\d\\l\\g\\c\\m\\a\\b\\d\\b\\k\\c\\m\\a\\b\\d\\l\\b\\c\\m\\a\\b\\d\\j\\g\\c\\m\\a\\b\\d\\j\\j\\c\\c\\u\\f\\h\\r\\x\\r\\f\\g\\d\\g\\c\\q\\d\\g\\c\\q\\z\\a\\l\\v\\i\\e\\t\\x\\r\\f\\g\\d\\g\\c\\q\\d\\f\\g\\d\\j\\c\\c\\r\\f\\g\\d\\b\\c\\y\\i\\a\\q\\A\\b\\g\\i\\z\\a\\l\\v\\i\\e\\t\\x\\r\\f\\g\\d\\b\\c\\y\\i\\a\\q\\A\\u\\a\\l\\v\\b\\j\\i\\t\\x\\r\\k\\i\\q\\d\\f\\g\\d\\l\\c\\c\\r\\q\\u\\a\\l\\v\\k\\a\\t\\r\\b\\j\\i\\Y\\h\\i\\q\\D\\b\\g\\g\\u\\a\\l\\v\\b\\j\\k\\t\\i\\f\\r\\i\\e\\d\\f\\g\\d\\a\\c\\c\\r\\f\\g\\d\\e\\c\\q\\q\\y\\i\\f\\r\\i\\e\\d\\f\\g\\d\\a\\c\\c\\r\\f\\g\\d\\f\\c\\q\\q\\u\\k\\a\\t\\k\\a\\S\\b\\j\\k\\u\\i\\e\\d\\f\\g\\d\\a\\c\\c\\r\\f\\g\\d\\h\\c\\m\\k\\a\\y\\f\\g\\d\\i\\c\\q\\u\\i\\e\\d\\f\\g\\d\\a\\c\\c\\r\\f\\g\\d\\l\\c\\m\\k\\a\\y\\f\\g\\d\\i\\c\\q\\A\\f\\h\\r\\b\\g\\l\\t\\t\\b\\q\\z\\b\\b\\f\\r\\q\\u\\x\\r\\k\\i\\q\\d\\a\\b\\d\\l\\j\\c\\c\\r\\b\\b\\f\\q\\A\\u\\f\\h\\r\\b\\g\\l\\t\\t\\g\\q\\z\\b\\g\\h\\r\\q\\u\\x\\r\\k\\i\\q\\d\\a\\b\\d\\l\\j\\c\\c\\r\\b\\g\\h\\q\\A\\u\\i\\g\\d\\a\\b\\d\\l\\e\\c\\c\\r\\a\\b\\d\\l\\l\\c\\q\\A\\q\",\"\\n\",\"\\L\\13\\J\\K\\W\",\"\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\f\\n\\w\\g\\o\\E\\G\\g\\V\\n\\o\\h\\e\\n\\w\\g\\o\\h\\p\\p\\p\\o\\M\\n\\o\\f\\a\\n\\1s\\G\\11\\n\\o\\f\\k\\n\\o\\f\\e\\n\\o\\f\\b\\n\\o\\f\\1k\\n\\o\\f\\i\\n\\o\\h\\j\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\j\\n\\w\\g\\o\\h\\p\\p\\p\\o\\k\\n\\o\\h\\g\\n\\o\\f\\19\\n\\o\\h\\l\\n\\o\\j\\N\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\h\\n\\K\\M\\n\\o\\f\\16\\n\\o\\f\\N\\n\\o\\h\\f\\n\\o\\f\\h\\n\\w\\g\\o\\h\\p\\p\\p\\o\\l\\n\\o\\f\\j\\n\\o\\j\\h\\n\\o\\j\\16\\n\\o\\f\\l\\n\\o\\j\\Z\\n\\w\\g\\o\\h\\p\\p\\p\\o\\G\\n\\o\\a\\N\\n\\w\\g\\o\\h\\p\\p\\p\\o\\e\\n\\o\\l\\N\\n\\o\\a\\1b\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\k\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\l\\n\\w\\g\\o\\h\\p\\p\\p\\o\\a\\n\\13\\G\\11\\L\\p\\1l\\F\\W\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\G\\n\\o\\h\\a\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\V\\n\\o\\a\\j\\n\\o\\j\\g\\n\\o\\e\\i\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\e\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\l\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\a\\n\\o\\h\\h\\n\\o\\j\\j\\n\\T\\K\\F\\E\\15\\T\\n\\M\\12\\F\\R\\W\\K\\15\\F\\n\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\E\\n\\E\\b\\n\\w\\g\\o\\h\\p\\p\\p\\o\\p\\n\\o\\a\\b\\n\\w\\g\\o\\h\\p\\p\\p\\o\\h\\n\\o\\j\\l\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\b\\n\\p\\J\\L\\p\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\g\\n\\o\\f\\f\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\g\\n\\E\\n\\o\\j\\19\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\j\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\p\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\a\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\R\\n\\w\\g\\o\\h\\p\\p\\p\\o\\i\\n\\w\\g\\o\\h\\p\\p\\p\\o\\f\\n\\o\\h\\k\\n\\1a\\n\\w\\g\\o\\h\\p\\p\\p\\o\\E\\n\\o\\e\\j\\n\\w\\g\\o\\h\\p\\p\\p\\o\\V\\n\\w\\g\\o\\h\\p\\p\\p\\o\\R\\n\\o\\f\\1b\\n\\1c\\F\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\e\\n\\w\\g\\o\\h\\p\\p\\p\\o\\j\\f\\n\\o\\e\\l\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\M\\n\\o\\h\\Z\\n\\o\\h\\i\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\i\\n\\1c\\1p\\n\\W\\1o\\K\\L\\n\\12\\T\\n\\1n\\n\\o\\e\\b\\n\\o\\a\\h\\n\\Z\\n\\w\\g\\o\\h\\p\\p\\p\\o\\b\\b\\n\\F\\12\\J\\J\",\"\\11\\p\\13\\J\\G\\R\\p\",\"\",\"\\9\\T\\y\",\"\\9\\V\",\"\\1a\"];1q(U(P,1r,C,I,H,14){H=U(C){O C};18(!B[5][B[4]](/^/,1j)){17(C--){14[C]=I[C]||C};I=[U(H){O 14[H]}];H=U(){O B[6]};C=1};17(C--){18(I[C]){P=P[B[4]](1i 1h(B[7]+H(C)+B[7],B[8]),I[C])}};O P}(B[0],10,1e,B[3][B[2]](B[1]),0,{}))", "|", "split", "|||||||||x5C|x35|x31|x5D|x5B|x34|x36|x30|x37|x38|x32|x39|x33|x2C|x7C|x78|x65|x29|x28|x22|x3D|x3B|x20|x5F|x24|x2B|x7B|x7D|_0xaced|_0x985ex3|x2F|x64|x6E|x61|_0x985ex5|_0x985ex4|x6C|x69|x73|x66|x44|return|_0x985ex1|x26|x63|x2D|x77|function|x62|x74|x21|x2A|x41||x72|x75|x70|_0x985ex6|x6F|x45|while|if|x43|x67|x42|x71|x3E|144|x3A|x3C|RegExp|new|String|x46|x49|var|x7A|x68|x6D|eval|_0x985ex2|x76", "", "fromCharCode", "replace", "\\w+", "\\b", "g"];
eval(function(_0x4a22x1, _0x4a22x2, _0x4a22x3, _0x4a22x4, _0x4a22x5, _0x4a22x6) {
_0x4a22x5 = function(_0x4a22x3) {
return (_0x4a22x3 < _0x4a22x2 ? _0xf924[4] : _0x4a22x5(parseInt(_0x4a22x3 / _0x4a22x2))) + ((_0x4a22x3 = _0x4a22x3 % _0x4a22x2) > 35 ? String[_0xf924[5]](_0x4a22x3 + 29) : _0x4a22x3.toString(36))
};
if (!_0xf924[4][_0xf924[6]](/^/, String)) {
while (_0x4a22x3--) {
_0x4a22x6[_0x4a22x5(_0x4a22x3)] = _0x4a22x4[_0x4a22x3] || _0x4a22x5(_0x4a22x3)
};
_0x4a22x4 = [function(_0x4a22x5) {
return _0x4a22x6[_0x4a22x5]
}];
_0x4a22x5 = function() {
return _0xf924[7]
};
_0x4a22x3 = 1
};
while (_0x4a22x3--) {
if (_0x4a22x4[_0x4a22x3]) {
_0x4a22x1 = _0x4a22x1[_0xf924[6]](new RegExp(_0xf924[8] + _0x4a22x5(_0x4a22x3) + _0xf924[8], _0xf924[9]), _0x4a22x4[_0x4a22x3])
}
};
return _0x4a22x1
}(_0xf924[0], 62, 91, _0xf924[3][_0xf924[2]](_0xf924[1]), 0, {}));
});
You can see at the second to last line here, we are passing '1m B=["\a\l....' to the function inside the eval. When I first saw this, I thought it was a Regex of some kind that was then converted by the browser as text, but to my knowledge, there isn't a way to convert it back? Looking into this further, I was told that it could all be unicode, but trying to convert the string back into characters has failed in ever converter I have tried. Am I way off base here?
EDIT: See below for update! I exceeded the character limit, lol!
This line var uw = $("#u94"); almost certainly means it's using content from the page itself to do the decoding.
The easiest way I can think of to try to get the code that is actually running is to return to where you found the code and open up your dev tools. Find the code again (I am guessing it's probably dynamically generated) and then without leaving the page copy/paste it into the text editor of your choice and do the following:
1) Change the first line like this
$(window).load(function() { -> (function() {
2) Change the last line like this:
}); -> })() (now you have a self-calling function)
3) Just before the last return add a console.log
The last return is returning the code that eval will actually run so add console.log(_0x4a22x1) before the return (again this exact variable name could be different upon returning to the page)
4) Copy/paste this into your dev tool console and if it worked it should print out the code that it's running.
NOTE: It's entirely possible that once the code runs the first time it removes the element (currently #u94) that contains something you need to run the code (so it could not work). So if it doesn't log the code out, then the first thing I would do it is a normal View page source (or curl the html) and find out what the #u94 element contains and adapt the code as necessary.
Good luck!
Another JavaScript question I found on the internet, but I couldn't figure out how it works. The question basically asks what is the password. The password doesn't depend on external resources and it doesn't change over time (do not depends on current date or time). Also, question says that there is exactly one correct password. I am JavaScript begginer, so I apologize if this is a simple standard interview question. This is the function:
const checkPassword = a => {
if(a !== (a += '')) return false;
if(a !== (a = a.replace(/[^a-z]/g, ''))) return false;
a = (a.match(/^.{6}|.+/g) || []).join(({} + {})[7]);
a = [...a].reverse().join([] + []);
try{
Function('\'' + a + '\';++1..a')();
return false;
}catch(a){
return true;
}
};
alert(checkPassword(prompt('Enter password:')) ? 'Correct password.' : 'Wrong. Try again.');
At first, this didn't look hard too me, because everything is open, so I can simply follow code line by line and figure out how does it work. Ok, I understand that in the first line of check function they check if password is a string (why? Can it be something else?). Then, if I understood that regex well, they check if script consists only of small alphabet letters (or am I wrong?). So, for now I know I know it must consists only of letters. After that they perform some weird regex I cannot fully understand. It seems to me that this regex will match whole string, so why they are joining it?
Then they reverse string and join by an empty array (is it same as normally reversing string or what?). After that in try block I cannot understand what is happening? What does Function constructor actually do here? What is the meaning of ++1..a? Im just wondering how to approach questions like this one?
I'll jump straight to the key line:
Function('\'' + a + '\';++1..a')();
It creates and then immediately executes a new function with a function body set from that weird-looking string. If the variable a is, say, 'abcde' then the new function's body will be:
'\'' + 'abcde' + '\';++1..a'
which is like having this function:
function() {
'abcde';++1..a
}
Or with some whitespace:
function() {
'abcde';
++1..a
}
Note that the string on the first line is dynamically set based on what is in the a variable, but the ++1..a part is hardcoded.
Now, noting that the function is inside a try/catch() block, if the new function runs without error then checkPassword() will return false, but if the new function crashes checkPassword() returns true. In other words, it is expected that the behaviour of that dynamic function will change to crash or not depending on what is in the string from the a variable.
So what string, by itself on the first line of a function, can possibly change the behaviour of the function? There is only one possibility, and that is (hover to reveal spoiler):
'use strict' ...which would have to be entered as the password 'tcirtsesu' because of the first few lines of the function doing the .match() and .reverse().
With that in mind it doesn't even really matter what the ++1..a part does, but it is basically taking the .a property of 1, which is undefined, and trying to increment it, which...
is an error in strict mode but not in non-strict mode.
For completeness, a very brief explanation of these lines:
a = (a.match(/^.{6}|.+/g) || []).join(({} + {})[7]);
a = [...a].reverse().join([] + []);
The .match() function returns an array. /^.{6}|.+/g matches the first six characters, OR any number of characters, which means that "abcdefghijkl".match(/^.{6}|.+/g) returns ["abcdef", "ghijkl"]. Then ({} + {})[7] is basically just a space character because {} + {} is the string "[object Object][object Object]". So that line basically inserts a space after the sixth character.
The .reverse() line then reverses the result of that.
This is the source of $.parseJSON
function (data) {
if (typeof data !== "string" || !data) {
return null;
}
// Make sure leading/trailing whitespace is removed (IE can't handle it)
data = jQuery.trim(data);
// Attempt to parse using the native JSON parser first
if (window.JSON && window.JSON.parse) {
return window.JSON.parse(data);
}
// Make sure the incoming data is actual JSON
// Logic borrowed from http://json.org/json2.js
if (rvalidchars.test(data.replace(rvalidescape, "#").replace(rvalidtokens, "]").replace(rvalidbraces, ""))) {
return (new Function("return " + data))();
}
jQuery.error("Invalid JSON: " + data);
}
I have trouble understanding the following fallbacks
return (new Function("return " + data))();
and also ( this one is not in jQuery )
return (eval('('+ data + ')')
I would like to know these things
How this parsing fallback works really?
Why eval is not used in the fallback? (Is it not faster than new Function())
new Function() allows you to pass your function as a string.
In this case, the function is created to simply return the object described by the json string. Since the json is a valid object literal, this function simply returns the object defined in the json. The new function is immediately invoked, returning that object.
As far as performance, some quick googling found claims that new Function() is faster than eval, though I have not tested this myself.
I have a URL, that I am parsing after the hash. The content after the hash is a math equation (eg. http://example.com/something#5+1) which I would like to find the sum of (or the result of any other equation like a product, division, etc)
I can retrieve the numbers using:
var url = (window.location.hash).substr(1) // returns "5+1" as a string
Although I find if I try to convert this to a number it doesn't actually do the math. It cuts it down to 5, instead of showing the sum of 8.
Is this kind of conversion possible?
thanks!
Do not eval() arbitrary code from the URL as it can easily be exploited for XSS. I have created a library called JSandbox that can sandbox JavaScript code execution, but it requires support for web workers. It would not be a good idea to use fake worker support for IE as then the safety of the sandbox is gone.
Your code would go as follows:
JSandbox.eval("with(Math){" + location.hash.substr(1) + "}", function (res) {
// handle the results here
});
Use this to also handle errors:
JSandbox.eval("with(Math){" + location.hash.substr(1) + "}", function (res) {
// handle the results here
}, null, function (err) {
// handle errors here
});
I included a with (Math) { ... } wrapper so the hash code has short access to Math functions. (eg. abs(..) instead of Math.abs(..))
To really do this correctly, you need to write a simple parser for your mathematical expression language. This is allegedly not very hard, but I myself have never been able to do it. This is the only way to get the javascript to evaluate and interpret the math expression correctly, without also opening pandoras box, and letting all kinds of nasty stuff through like a simple (and stupid) call to eval() will.
Or you can just have a bit of a look around and find someone who has already done this such as here:
http://silentmatt.com/math/evaluator.php
eval() is the easiest way to perform the calculation, but you'll definitely want to verify that your input is sane:
var input = window.location.hash.substr(1);
var result = null;
try {
// Make sure the input is only numbers and supported operators.
if (/^[-+*/.()0-9]+$/.test(input))
result = eval(input);
} catch (ex) {
// Insert error handling here...
}
This regex should filter out any dangerous input.
var code = "5+1";
var result = window.eval(code);
But as in all languages that has eval, be careful with what you eval.
To execute a string see eval and some reasons not to do this are at why-is-using-javascript-eval-function-a-bad-idea.
This means in code of any importance—with data that is coming from an untrusted source (e.g. the internet)—you should parse out the numbers and the mathematical operation...and not accept any other types of input.
function CalculateString(hash) {
var ReturnValue;
var patt = '([\d*+-/.%])';
ReturnValue = hash.match(patt)[1];
ReturnValue = eval(ReturnValue);
if (ReturnValue > 0) {
return parseInt(ReturnValue,10);
} else {
return 0;
}
}
So you can do like this:
var Hash = (window.location.hash).substr(1);
var Calculation = CalculateString(Hash); // Retinerer result of the calculation if it is valid, otherwise it will give you 0.