JavaScript has a TypedArray class, it's just hidden.
-
Ryan Castellucci :nonbinary_flag:replied to Ryan Castellucci :nonbinary_flag: last edited by
Some of these are actual working constructors, e.g. you can do:
let g_ = new GeneratorFunction('let i = 0; while (1) yield i++;')();
g_.next(); // yields {value: 0, done: false}
g_.next(); // yields {value: 1, done: false}
g_.next(); // yields {value: 2, done: false} -
Ryan Castellucci :nonbinary_flag:replied to Ryan Castellucci :nonbinary_flag: last edited by
This is, of course, "sparkling eval". Content-Security-Policy probably treats it as such, otherwise I just accidentally dropped 0-day.
-
Ryan Castellucci :nonbinary_flag:replied to Ryan Castellucci :nonbinary_flag: last edited by
My partner's mother bought me a club mate for Christmas, and between the caffeine rush and how much the commercials playing during the football() game that's on the TV are making me despise capitalism, I'm shitposting to cope.
-
Cyclophorareplied to Ryan Castellucci :nonbinary_flag: last edited by
@ryanc wait why does it take a string
-
Ryan Castellucci :nonbinary_flag:replied to Cyclophora last edited by [email protected]
@cyclophora LOL.
Seriously though, it's just like the regular
Function()
constructor, except for generator functions.Function() constructor - JavaScript | MDN
The Function() constructor creates Function objects. Calling the constructor directly can create functions dynamically, but suffers from security and similar (but far less significant) performance issues as eval(). However, unlike eval (which may have access to the local scope), the Function constructor creates functions which execute in the global scope only.
MDN Web Docs (developer.mozilla.org)
Literally
eval
with extra steps. -
Cyclophorareplied to Ryan Castellucci :nonbinary_flag: last edited by
@ryanc what is the point of this why does it not take another function or something. I'm crying blood please help
-
@ryanc was it added before people realized eval was a bad idea?
-
F4GRX Sébastienreplied to Ryan Castellucci :nonbinary_flag: last edited by
@ryanc programming language of the utterly deranged, look at what they are asking your respect for all this time.
-
Ryan Castellucci :nonbinary_flag:replied to F4GRX Sébastien last edited by
@f4grx Some might consider this knowledge unnatural but knowing it pays well enough to be worth the psychic damage.
-
Ryan Castellucci :nonbinary_flag:replied to Cyclophora last edited by
@cyclophora The
Function()
constructor? That's been around for ages. Folks knew better by the time generator functions were a thing, but violence was chosen.There are so many ways to do eval in JavaScript, though.
-
-
Cyclophorareplied to Ryan Castellucci :nonbinary_flag: last edited by
@ryanc i feel like there should be a way to turn off eval from inside JS in addition to CSP
-
Ryan Castellucci :nonbinary_flag:replied to Cyclophora last edited by
@cyclophora Did you know that
settimeout
can take a string argument?You can add an invisible button to the dom with an
onclick
attribute that's a string of code and then call.click()
on it.Create an iframe with a
javascript:...
URI.It's a bit of a lost cause.
Also, I've written bytecode interpreters in JavaScript that can run arbitrary code and bypass CSP restrictions.
-
Ge0rGreplied to Ryan Castellucci :nonbinary_flag: last edited by
@ryanc
Not sure if sarcasm or actual Javascript usability improvement... or both?! -
Ryan Castellucci :nonbinary_flag:replied to Ge0rG last edited by
@ge0rg Mostly sarcasm. There are more sensible ways to detect whether something is a typed array.