

Encode any JavaScript with only six characters - antichaos
http://utf-8.jp/public/jsfuck.html

======
endtwist
For those curious, the trick works by creating strings (such as "NaN" or
"Infinity") and integers, then treating the strings as arrays and selecting
out characters. The [], +, ! and () are assembled in sequences that result in
these strings/integers (thanks to Javascript's liberal language rules).

Here's a dictionary/more information:
<http://sla.ckers.org/forum/read.php?24,33349,33405>

------
jballanc
While this might seem like nothing more than a neat parlor trick, there is an
important lesson to take away: NEVER, under ANY circumstances insert untrusted
values into your scripts. No amount of white-listing/black-
listing/escaping/etc. will protect you.

------
hasegawayosuke
In the past, this was worked on Chrome and Firefox. but now JSF*ck is worked
only Opera. Sorry, but I have no patience to fix it.

\-- Yosuke HASEGAWA / utf-8.jp

------
laserDinosaur
Oddly I could not get it to work in chrome or firefox, and it managed to crash
all my tabs in chrome.

The other demos seem to work much better though:
<http://utf-8.jp/public/jjencode.html>

------
jr62
On Chrome 14 (Linux), when I click "eval" it doesn't show the alert dialog.
Even leaving the default text there. It's an interesting concept though, would
definitely be good to see an explanation of how it works.

~~~
quanticle
If I try copying and pasting the encoded source into Chrome's JS console, it
gives the following error:

    
    
        TypeError: Array.prototype.sort called on null or undefined.
    

I would be interested to see what exactly it's doing, and how alert("Hello
World"); gets mangled to call Array.prototype.sort().

EDIT: I should note that I get this error no matter what code I put in. I
think Chrome's Javascript interpreter is somehow interpreting some of that
boilerplate as a call to Array.prototype.sort() somehow.

------
brayker
Want to know how it works? view-source:<http://utf-8.jp/public/jsfuck.html>

------
LeafStorm
This is an...interesting hack. However, it's not entirely clear how it works.

~~~
dlytle
Probably similar principles to Brainfuck. Check Wikipedia for an explanation
of Brainfuck, I can't come close to doing it justice.

~~~
baddox
Any similarity is coincidental. This hack isn't doing anything semantic or
syntactic to the code you provide: it's just encoding the string you provide
into an equivalent string in another alphabet. The two alphabets happen to be
identical in JavaScript.

For example, `+[]` equals the integer 0 (apparently the unary plus operator
coerces the empty array to a boolean then converts to an integer), and `![]`
of course equals the boolean false. Furthermore, JavaScript does some weird
type coercion, so `false + []` equals the string "false". Replace the boolean
false with `![]`, so `![] + []` equals the string "false". Now, if we need the
letter "f" we just do `"false"[0]`, encoded as `(![] + [])[+[]]`. Remove
spaces, and you can see that `(![]+[])[+[]]` is equivalent to "f".

People have figured out how to get tons of characters from small initial
character sets. See this: <http://sla.ckers.org/forum/read.php?24,33349,33405>

