read bio
Follow

unicode javascript blend mix is so much fun

· · 0 · 1 · 3
read bio

here's some neat looking invalid javascript

it won't do anything when you run it, it's so obviously invalid, right

sprunge.us/QeYK

0
read bio

This program has multiple syntax faults, and even if it didn't, it's not calling anything.
ghostbin.com/paste/gu9tu

(Hint: The emoticons at the bottom are red herrings.)

0
kasran, fourier transfemme

@boots i'm afraid of this questionably invalid javascript

0
read bio

@typhlosion you can run it, it'll error

0
kasran, fourier transfemme

@boots suuuuure

0
read bio

@typhlosion i am absolutely certain an error will occur when you run it

0
kasran, fourier transfemme

@boots BOOTS HOW

0
read bio

@typhlosion

0
kasran, fourier transfemme

@boots i will crack your dark unicode magic yet

0
kasran, fourier transfemme

@boots i mean something fucky is happening with the code coloring so it's sure to be something to do with unicode

0
read bio

@typhlosion okay so that one may not have actually caused an error
here's a fixed version
sprunge.us/OSIb

0
kasran, fourier transfemme

@boots after the last one i'm not trusting any not-statically-analyzed code from you not to do something arbitrarily harmful >:c

0
read bio

@typhlosion honestly code from me should just not be trusted as far as "it'll probably always do something really weird that it shouldn't do", not untrusted as far as "arbitrarily harmful"

0
read bio

@typhlosion (then again arbitrarily harmful is arbitrary so i dunnoooo)

0
read bio

@typhlosion also besides, you can see just by looking at it that it's the same source file
nothing different, tis merely a joke, you can check ;^

0
kasran, fourier transfemme

@boots you can't get your invisible unicode fairy dust past my keen typhlosion nose

0
read bio

@typhlosion but where's the invisible unicode got to hide? ✨

0
kasran, fourier transfemme

@boots in between a regex disguised as a blank comment line, of course

0
read bio

@typhlosion awwwwwww 🎊 you win

0
kasran, fourier transfemme

@boots

i still haven't entirely figured out how precisely it works, but you play a very good misdirection game

0
Darius: Moving Accts, See Bio

@boots ha

0
kasran, fourier transfemme

@boots i am really enjoying this one

0
kasran, fourier transfemme

@boots i really like how a certain subset of the code makes the alert appear not once, but over and over again

0
read bio

@typhlosion the best part is if you're in chrome try typing "Object." into the dev console

0
kasran, fourier transfemme

@boots boots how...

0
read bio

@typhlosion chrome's sandboxing is really weird

0
kasran, fourier transfemme

@boots okay i think i figured this one out - i really like the disguised arrow function, that was a good touch

0
read bio

@typhlosion yeah, basically the browser casts SyntaxError to a string when it gets ~ called on it (bitwise-not) and since the function.prototype assignment ran first due to parenthesis, it runs the alert

the "Object." thing is just chrome weirdness though
iirc you can use it to make a dev tools beartrap which is fun

0
kasran, fourier transfemme

@boots i was able to get the payload to run with just 0/(the function prototype assignment), which is what ended up finally cinching it for me

0
Sign in to participate in the conversation
Computer Fairies

Computer Fairies is a Mastodon instance that aims to be as queer, friendly and furry as possible. We welcome all kinds of computer fairies!

Resources

Developers

What is Mastodon?

computerfairi.es

More…