
Brainfuck beware: JavaScript is after you (2012) - SworDsy
http://patriciopalladino.com/blog/2012/08/09/non-alphanumeric-javascript.html
======
Noctem
It's been a while since I last brushed up on the Geneva Conventions, but I
think this violates most of them.

------
Pitarou
Yet another example of the horrible mess unprincipled automatic type
conversion causes.

What prevents language designers from avoiding all these lurking bugs with a
generic type-conversion operator? E.g. here's how it might look in a Python-
like language:

    
    
        >>> x = 1
        >>> y = "2"
        >>> print(x + cast(y))
        3
        >>> print(cast(x) + y)
        "12"
        >>> print(cast(x) + cast(y))
        Exception: ambiguous type

~~~
anon4
you can already do exactly that in Python with a bit of evil magic:

    
    
      $ cat evil.py
      class cast(object):
          def __init__(self, x):
              if isinstance(x, cast):
                  self.x = x.x
              else:
                  self.x = x
    
          def __add__(self, other):
              return other.__class__(self.x) + other
    
          def __radd__(self, other):
              return other + other.__class__(self.x)
      
    
      $ python3 -i evil.py 
      >>> a = 1
      >>> b = "2"
      >>> a + b
      Traceback (most recent call last):
        File "<stdin>", line 1, in <module>
      TypeError: unsupported operand type(s) for +: 'int' and 'str'
      >>> cast(a) + b
      '12'
      >>> a + cast(b)
      3
      >>> cast(a) + cast(b)
      Traceback (most recent call last):
        File "<stdin>", line 1, in <module>
        File "evil.py", line 9, in __add__
          return other.__class__(self.x) + other
        File "evil.py", line 9, in __add__
        ... repeated many times ...
        File "evil.py", line 9, in __add__
          return other.__class__(self.x) + other
      RuntimeError: maximum recursion depth exceeded

~~~
Pitarou
That's awesome. Have a unicode trophy (&#127942;) as a prize:

🏆

------
zatkin
I'm curious on what the performance implications are. If I have some
JavaScript on a webpage that I want to "obfuscate", would using this
accomplish the task?

~~~
alcuadrado
The performance seriously decreases. I haven't measure how much, but I guess
it'd only work for very very small scripts.

~~~
xxs
once the eval() invocation is complete and the code generated/compiled the
performance should be the same as the code normally written. Basically it's
only compiler from []{}!+ to javascript.

~~~
calibwam
However, your js files would get really big, and download latency could
actually be a performance drop.

~~~
xxs
True, however they should be very well compressible by 'deflate' too, the main
concern is the initial parsing grok by the JIT. Yet, on runtime the scripts
will be good as any.

------
tonylampada
I've seen this before here: [http://www.jsfuck.com/](http://www.jsfuck.com/).

It's nice that this guy actually explains how it works

------
facorreia
> For instance, here is 4: !+[]+!![]+!![]+!![].

Gotta love this language... It's a wonder we can get any work done with it.
But, used with discipline, it's not too bad.

------
nirmel
I am not a programmer so this is part curiosity and part criticism. Why do
programmers seem to enjoy creating programs that satisfy some syntactical
constraint? Is it a fun mental exercise, or or can you just admit that you're
showing off on something that really does not matter?

~~~
gioele
«It is hard to write a simple definition of something as varied as hacking,
but I think what these activities have in common is playfulness, cleverness,
and exploration. Thus, hacking means exploring the limits of what is possible,
in a spirit of playful cleverness. Activities that display playful cleverness
have "hack value".»

[https://stallman.org/articles/on-
hacking.html](https://stallman.org/articles/on-hacking.html)

«The MIT group defined a hack as a project undertaken or a product built to
fulfill some constructive goal, but also with some wild pleasure taken in mere
involvement.»

[http://en.wikipedia.org/wiki/Hacker_ethic](http://en.wikipedia.org/wiki/Hacker_ethic)

------
nubs
I once did something similar in PHP.[1] View the semi-useful writeup[2] as
well.

[1]:
[https://gist.githubusercontent.com/nubs/5849633/raw/78bae58f...](https://gist.githubusercontent.com/nubs/5849633/raw/78bae58f6675f4e514d7a784c3142dd7d98f0629/nodigitsorquoteseither.php)

[2]:
[https://gist.github.com/nubs/5849633](https://gist.github.com/nubs/5849633)

------
aqrashik
This method could also be used to evade XSS filters.

For e.g. I believe encoding code using something similar is the only way to
solve this challenge - [http://escape.alf.nu/9/](http://escape.alf.nu/9/)

------
shittyanalogy
Encoder for a similar subset:
[http://utf-8.jp/public/jjencode.html](http://utf-8.jp/public/jjencode.html)

------
ChrisAntaki
This was a brilliant article, I learned a ton, thanks.

------
dj-wonk
{Brace} yourself before (and after) reading this.

