javascript eval('code') has never been this deeply analyzed...

Started by Darren Dirt, January 09, 2019, 10:57:45 AM

Previous topic - Next topic

Darren Dirt

[fascinating.jpg]

http://perfectionkills.com/global-eval-what-are-the-options/#indirect_eval_call_theory **

found via "evel.js - Sandboxing JavaScript in the browser" http://n.exts.ch/2013/07/evel_js [blog title = "a glob of nerd?ish?ness" = LOL true]

Quote from: http://perfectionkills.com/global-eval-what-are-the-options/#indirect_eval_call_examples
Indirect eval call examples
If you?re still not quite able to recognize indirect eval calls, these are some of the examples:

(1, eval)('...')
(eval, eval)('...')
(1 ? eval : 0)('...')
(__ = eval)('...')
var e = eval; e('...')
(function(e) { e('...') })(eval)
(function(e) { return e })(eval)('...')
(function() { arguments[0]('...') })(eval)
this.eval('...')
this['eval']('...')
[eval][0]('...')
eval.call(this, '...')
eval('eval')('...')

According to ES5, all of these are indirect calls and should execute code in global scope.
(!)
_____________________

Strive for progress. Not perfection.
_____________________