使用javascript从脚本标签中提取字符串
[英]Extracting Strings from script tag using javascript
问题描述
How can i extract all the strings present in script tags. 
如何提取脚本标记中存在的所有字符串。 I want to extract each string and find whether any shellcode is present. 我想提取每个字符串并查找是否存在任何shellcode。 But javascript uses several methods in declaring a string For example a string can be 但是javascript使用多种方法声明字符串,例如,字符串可以是
var y="Some text";
var x1 = "3+4";
eval("\144\157\143\165\155\145\156\164"); //string given in eval();
It can be in a concatenated format 它可以是级联格式
var x1 = "te ActiveX Co"; var x2 = "ntrol"; var x3 = x1 + x2;
var x4 = "Execu" + x3;
How can i identify each and every string even if it is defined in eval() or document.write() by using simple javacript code. 即使使用简单的Javacript代码在eval()或document.write()中定义了字符串,我也如何识别每个字符串。
1 个解决方案
解决方案1
1 已采纳 2012-05-10 04:54:32
This is a very complex problem for which there is no simple solution. 这是一个非常复杂的问题,没有简单的解决方案。
You could use a parser generator and the BNF definition of the ECMAScript language (surely you can find it on the web somewhere) to extract strings from the target source code. 您可以使用解析器生成器和ECMAScript语言的BNF定义(肯定可以在网上找到它)从目标源代码中提取字符串。
[Edit] Since the linked parser generator is written in JavaScript and supports web browsers as a platform you can generate a custom ECMAScript parser, embed it in a page, and fetch all the embedded script source (eg $('script').map(function(){return $(this).text();}) ). [编辑]由于链接解析器生成器是用JavaScript编写的,并且支持Web浏览器作为平台,因此您可以生成自定义ECMAScript解析器,将其嵌入页面中,并获取所有嵌入式脚本源(例如$('script').map(function(){return $(this).text();}) )。 Note that your custom parser could simply echo the parsed strings, eg via console.log(...) . 请注意,您的自定义解析器可以简单地回显已解析的字符串,例如通过console.log(...) 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.