Entry | JSFuck
Definition |
[ , ] , ( , ) , ! , and + . The name is derived from Brainfuck, an esoteric programming language that also uses a minimalistic alphabet of only punctuation. Unlike Brainfuck, which requires its own compiler or interpreter, JSFuck is valid JavaScript code, meaning that JSFuck programs can be run in any web browser or engine that interprets JavaScript. JSFuck is able to recreate all JavaScript functionality using such a limited set of characters because JavaScript is a weakly typed programming language, and it allows the evaluation of any expression as any type.[1]

In July 2009, Yosuke Hasegawa created a web application called jjencode which could encode arbitrary JavaScript into an obfuscated form utilizing only the 18 symbols

JSFuck can be used to bypass detection of malicious code submitted on websites, e.g. in cross-site scripting (XSS) attacks.[10] Another potential use of JSFuck lies in code obfuscation. An optimized version of JSFuck has been used to encode jQuery, the most-used JavaScript library, into a fully functional version written with just the six characters.[11]

Encoding methods

JSFuck code is extremely "verbose": In JavaScript, the code

Numbers

The number 0 is created by The number 1 is formed as The digits 2 to 9 are formed by summing Integers consisting of two or more digits are written, as a string, by concatenating 1-digit arrays with the plus operator. For example, the string By replacing the digits with the respective JSFuck expansions, this yields To get a numeric value instead of a string, one would enclose the previous expression in parentheses or square brackets and prepend a plus, yielding

Letters

Some letters can be obtained in JSFuck by accessing single characters in the string representations of simple boolean or numeric values like The following is a list of primitive values used as building blocks to produce the most simple letters.
Example: Creating the letter "a"
Proof: In JavaScript,

Other constructs

The

Character table

The characters with the shortest JSFuck expansions are listed below. Other characters can be expressed as well but will generate considerably longer code.
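The number and letter constructions described under "Encoding methods" can be reproduced and checked mechanically. The following is an added example, not code from the original article; the function names are hypothetical, and the concrete expansions (`+[]`, `+!![]`, `[][[]]`, `+[![]]`) are supplied here from JavaScript's coercion rules as an assumption about what the article's lost snippets showed.

```javascript
// Added illustration: names are hypothetical; expansions follow JavaScript coercion rules.

// 0 is +[] (empty array -> 0), 1 is +!![] (true -> 1),
// and 2..9 are the sum of that many copies of !![] (true).
function encodeDigit(d) {
  if (d === 0) return '+[]';
  if (d === 1) return '+!![]';
  return Array(d).fill('!![]').join('+');
}

// Non-negative integers only. Each digit is wrapped in a one-element array;
// "+" between arrays concatenates their string forms into the decimal string.
function encodeIntegerString(n) {
  const parts = String(n).split('').map((c) => '[' + encodeDigit(Number(c)) + ']');
  return parts.length === 1 ? parts[0] + '+[]' : parts.join('+');
}

// Parenthesise and prepend "+" to turn the string back into a number.
function encodeInteger(n) {
  return '+(' + encodeIntegerString(n) + ')';
}

// Primitive values whose string forms supply the simplest letters.
const PRIMITIVES = [
  ['false', '![]'],
  ['true', '!![]'],
  ['undefined', '[][[]]'],
  ['NaN', '+[![]]'],
];

// Pick a character out of "false", "true", "undefined" or "NaN" by index.
function encodeLetter(ch) {
  for (const [text, expr] of PRIMITIVES) {
    const i = text.indexOf(ch);
    if (i !== -1) return '(' + expr + '+[])[' + encodeDigit(i) + ']';
  }
  return null; // not reachable from these four primitives
}

const usesOnlySixChars = (s) => /^[\[\]()!+]+$/.test(s);

// Indirect eval, used only on strings generated above, to check the result.
const evaluate = (expr) => (0, eval)(expr);

console.log(encodeLetter('a'), '=>', evaluate(encodeLetter('a')));
console.log(encodeInteger(10), '=>', evaluate(encodeInteger(10)));
```

Characters outside the four primitive strings return `null` here; as the article says, they can be expressed but need considerably longer code.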
Security

Lacking the distinct features of "usual" JavaScript, obfuscation techniques like JSFuck can assist malicious JavaScript code in bypassing intrusion prevention systems[14] or content filters. For instance, the lack of alphanumeric characters in JSFuck on the one hand, and a flawed content filter on the other hand, allowed sellers to embed arbitrary JSFuck scripts in their eBay auction pages.[15]

References

1. Jane Bailey, The Daily WTF: "Bidding on Security". http://thedailywtf.com/articles/bidding-on-security
2. Hasegawa, Yosuke (2009-07-10). "jjencode - Encode any JavaScript program using only symbols". utf-8.jp. http://utf-8.jp/public/jjencode.html (archived 2009-07-15 at https://web.archive.org/web/20090715022126/http://utf-8.jp/public/jjencode.html; accessed 2017-10-25)
3. Hasegawa, Yosuke (July 2009). "UTF-8.jp [2009-07-28]". utf-8.jp. http://utf-8.jp/ (archived 2009-07-28 at https://web.archive.org/web/20090728092939/http://utf-8.jp/; accessed 2017-10-25)
4. "Yet Another Useless Contest (but fun!) Less chars needed to run arbitrary JS code". sla.ckers.org. 2010-01-14. http://sla.ckers.org/forum/read.php?24,32930 (archived 2011-03-01 at https://web.archive.org/web/20110301054929/http://sla.ckers.org/forum/read.php?24,32930; accessed 2017-10-25)
5. "js-noalnum_com.php". discogscounter.getfreehosting.co.uk. http://discogscounter.getfreehosting.co.uk/js-noalnum_com.php (archived 2010-03-01 at https://web.archive.org/web/20100301190117/http://discogscounter.getfreehosting.co.uk/js-noalnum_com.php; accessed 2017-10-25)
6. Hasegawa, Yosuke (November 2010). "JSF*ck - []()!+". utf-8.jp. http://utf-8.jp/public/jsfuck.html (archived 2010-12-01 at https://web.archive.org/web/20101201115501/http://utf-8.jp/public/jsfuck.html; accessed 2017-10-25)
7. Hasegawa, Yosuke (November 2010). "UTF-8.jp [2010-11-30]". utf-8.jp. http://utf-8.jp/ (archived 2010-11-30 at https://web.archive.org/web/20101130145703/http://utf-8.jp/; accessed 2017-10-25)
8. Kleppe, Martin (2012-07-16). "Commits · aemkei/jsfuck". github.com. https://github.com/aemkei/jsfuck/commits/master?after=6b7e2e9ef44941e028ddf16a793a6c8902da2ae3+139 (accessed 2017-10-25)
9. Kleppe, Martin (September 2012). "Site report for www.jsfuck.com". toolbar.netcraft.com. http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.jsfuck.com%2F (accessed 2017-10-25)
10. Ars Technica: "Ebay has no plans to fix severe bug that allows malware distribution". https://arstechnica.com/security/2016/02/ebay-has-no-plans-to-fix-severe-bug-that-allows-malware-distribution/
11. "jQuery JavaScript library made of only six different characters: ! ( ) +". https://github.com/fasttime/jquery-screwed
12. "Brainfuck Beware: JavaScript is after you!". http://patriciopalladino.com/blog/2012/08/09/non-alphanumeric-javascript.html
13. Adapted from: https://esolangs.org/wiki/JSFuck
14. Ré Medina, Matías A. (2012-09). "Bypassing WAFs with non-alphanumeric XSS". http://blog.infobytesec.com/2012/09/bypassing-wafs-with-non-alphanumeric-xss.html
15. "eBay has no plans to fix "severe" bug that allows malware distribution [Updated]". Ars Technica. https://arstechnica.com/security/2016/02/ebay-has-no-plans-to-fix-severe-bug-that-allows-malware-distribution/
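The Security section's point, that a filter keyed on alphanumeric tokens never sees a six-character script, suggests checking user-submitted content for long runs drawn only from `[]()!+`. The following is an added example, not code from the original article; the function names, the keyword list, the 40-character threshold and the sample inputs are all constructed assumptions.

```javascript
// Added illustration: names, threshold and samples are assumptions, not from the article.
const SIX_CHARS = new Set('[]()!+');

// Return every run of at least minRun characters drawn only from []()!+ .
// Whitespace inside a run is tolerated but not counted, so line-wrapping
// a payload does not split it into short runs.
function findSixCharRuns(text, minRun = 40) {
  const runs = [];
  let start = -1, last = -1, count = 0;
  const flush = () => {
    if (count >= minRun) runs.push({ start, end: last + 1, count });
    start = -1; count = 0;
  };
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (SIX_CHARS.has(ch)) {
      if (start === -1) start = i;
      last = i;
      count++;
    } else if (!/\s/.test(ch)) {
      flush(); // any other visible character ends the run
    }
  }
  flush();
  return runs;
}

// A keyword-based check of the kind the section calls flawed: it looks for
// alphanumeric tokens, which a six-character script never contains.
function keywordFilterFlags(text) {
  return /\b(eval|alert|document|function)\b/i.test(text);
}

// Constructed samples: ordinary listing text, ordinary JavaScript,
// and listing text followed by a 154-character six-character run.
const BENIGN_TEXT = 'Vintage lamp (brass), 40 cm tall! Ships in 2+ days [EU only].';
const ORDINARY_JS = 'total = items[i] + (price * qty); if (!done) { next(); }';
const SIX_CHAR_SAMPLE = 'Great item ' + '[' + '!![]+'.repeat(30) + '[]]';

function classify(text) {
  return { keywordHit: keywordFilterFlags(text), runs: findSixCharRuns(text) };
}

console.log(classify(BENIGN_TEXT), classify(ORDINARY_JS), classify(SIX_CHAR_SAMPLE));
```

Ordinary prose and code interleave these characters with letters and digits, so they stay far below the threshold; tune `minRun` against real traffic before enforcing it.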
Categories: Esoteric programming languages | JavaScript