While browsing Zhihu, I saw a particularly interesting topic: What are the tricks of JavaScript? [1]
I came across an eye-opening answer and am sharing it with you. The text follows:
JS is a powerful language. For hackers, it is a powerful tool for bypassing a WAF. For example, when letters and numbers are not blocked by the WAF, you can play like this:
1 = !+[] = ++[[]][+[]]
2 = !+[]+!+[] = ++[++[[]][+[]]][+[]]
3 = !+[]+!+[]+!+[] = ++[++[++[[]][+[]]][+[]]][+[]]
And a can be obtained as false[1] or NaN[1]:
false = ([![]]+[])
// Empty array, NOT once, wrap in square brackets, then add +[] to convert to a string
1 = ++[[]][+[]]
//I explained it before, or you can use !+[].
So a can be expressed with this: ([![]]+[]) [++[[]][+[]]]
Similarly, l is false[2], which is equal to ([![]]+[])[++[++[[]][+ []]][+[]]]
e is false[4], r and t are obtained by true, and true is false as the result of removing the NOT symbol
The final alert is this:
(+[][+[]]+[])[++[[]][+[]]]+([![]]+ [])[++[++[[]][+[]]][+[]]]+([!![]]+ [])[++[++[++[[]][+[]]][+[]]][+[]]]+ ([!![]]+[])[++[[]][+[]]]+([!![]]+ [])[+[]]
There are some more complicated letters that need to be circumvented, such as the construction of the window object:
(1,[].sort)() = window
In sort, s comes from false, r and t come from true, and o comes from [object Object]
So window.alert(1) is the following code:
([],[][([![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]]+([]+{})[++[[]][+[]]]+([!![]]+[])[++[[]][+[]]]+([!![]]+[])[+[]]])()[(+[][+[]]+[])[++[[]][+[]]]+([![]]+[])[++[++[[]][+[]]][+[]]]+([!![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]]+([!![]]+[])[++[[]][+[]]]+([!![]]+[])[+[]]](++[[]][+[]])
Author: Roy Li
Link: https://www.zhihu.com/question/27428135/answer/36802082
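A defender-side check for the symbol-only encoding shown in the answer above, as an added example that is not part of the original answer or of this post: it flags request values whose longest run of `[]()!+{}` characters is long and contains the coercion idioms used there. The function names, the `MIN_RUN` threshold and the benign sample values are assumptions made for illustration.

```javascript
// Added example: static heuristic for symbol-only (JSFuck-style) JavaScript.
// Nothing is evaluated; the input is only scanned as text.
const SYMBOLS = new Set("[]()!+{}");
const MIN_RUN = 24; // assumed threshold: shortest symbol-only run worth flagging
const IDIOMS = ["+[]", "![]", "[[]]", "[]+{}"]; // coercion idioms from the answer

// Request values usually arrive percent-encoded. decodeURIComponent decodes
// %XX sequences and leaves a literal '+' unchanged; malformed input is kept raw.
function decodeParam(raw) {
  try { return decodeURIComponent(raw); } catch (e) { return raw; }
}

// Longest run made only of SYMBOLS. Whitespace is skipped rather than treated
// as a break, because JavaScript ignores spaces inserted between these tokens.
function longestSymbolRun(text) {
  let best = "", cur = "";
  for (const ch of text) {
    if (SYMBOLS.has(ch)) { cur += ch; continue; }
    if (/\s/.test(ch)) continue;
    if (cur.length > best.length) best = cur;
    cur = "";
  }
  return cur.length > best.length ? cur : best;
}

function inspect(raw) {
  const run = longestSymbolRun(decodeParam(raw));
  const idioms = IDIOMS.filter((i) => run.includes(i));
  const flagged = run.length >= MIN_RUN && idioms.length >= 2;
  return { runLength: run.length, idioms, flagged };
}

// The "alert" string expression from the answer, spaces removed.
const PAGE_ALERT = "(+[][+[]]+[])[++[[]][+[]]]+([![]]+[])[++[++[[]][+[]]][+[]]]" +
  "+([!![]]+[])[++[++[++[[]][+[]]][+[]]][+[]]]+([!![]]+[])[++[[]][+[]]]" +
  "+([!![]]+[])[+[]]";

// Constructed sample values: two encodings of the page's expression, two benign.
const SAMPLES = [
  PAGE_ALERT,
  encodeURIComponent(PAGE_ALERT),
  "items[0]+items[1]",
  "[[1,2],[3,4]]",
];
for (const s of SAMPLES) {
  const r = inspect(s);
  console.log(r.flagged ? "FLAG" : "ok  ", r.runLength, s.slice(0, 32));
}
```

A filter keyed on letters, digits or keywords such as `alert` sees none of them in these payloads; the run-length check works regardless of which string the expression spells out.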
Finally, I recommend an interesting website, http://www.jsfuck.com/, to see more weird and useless knowledge.
After reading this article, do you feel that you have increased your knowledge?