Cross-site Scripting (XSS) using a hyphen
Question
If I type this into Chrome's console I get the alert showing:
'some string'-alert(1)-'another string'
If I instead type following in I get Uncaught SyntaxError: Unexpected identifier :
'some string'alert(1)'another string'
What is the significance in the hyphens enabling the alert to be executed?
2 answers
solution1
3 ACCPTED 2019-04-03 15:27:49
First one is evaluated as: String .. minus .. result of function call .. minus .. String .
Using subtraction with strings casts them to number or NaN
The alert fires simply because it is a function. It's return value is undefined.
So after alert fires you effectively have NaN - undefined - NaN which returns NaN which is what you see in console
solution2
2 2019-04-03 15:26:42
Because Javascript isn't strongly typed, you can (attempt) to subtract strings. Because of this, the interpreter is evaluating each part of the expression, one of which is the alert . This causes a popup to appear. The interpreter/compiler cannot compile the second one due to incorrect syntax.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.