G Reader里Dexter同學(xué)的分享，來自sla.ckers.org的又一神作

點我測試

GReader里看不到效果的同學(xué)請自行測試下列HTML：

<script language="javascript" type="text/javascript">
([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]])([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]]((![]+[])[+!+[]]+(+[![]]+[])[+[]])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(+[![]]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+!+[]]]+(!![]+[])[+[]]+[][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]]((![]+[])[+!+[]]+(+[![]]+[])[+[]])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]])
</script>

在線轉(zhuǎn)換工具

跟Brainfuck有的一拼。。。是掛馬的好辦法。。。

更新：研究了一下它實現(xiàn)的原理，有一個碼表：

(NaN+[]["filter"])[11]',
! window["atob"]("If")[0]',
" ("").fontcolor()[12]',
# window["atob"]("0iN")[1]',
$ window["atob"]("0iT")[1]',
% window["atob"]("0iW")[1]',
& window["atob"]("0ia")[1]',
' window["atob"]("0if")[1]',
( (false+[]["filter"])[20]',
) (false+[]["filter"])[21]',
* window["atob"]("0ir")[1]',
+ window["atob"]("0it")[1]',
, window["atob"]("0iy")[1]',
- (NaN+window["Date"]())[31]',
. window["atob"]("1i4")[1]',
/ (true+("")["sub"]())[10]',
0-9 ignored*/ ,,,,,,,,,,
: window["Date"]()[21]',
; window["atob"]("O0")[0]',
< ("")["sub"]()[0]',
= ("").fontcolor()[11]',
> ("")["sub"]()[10]',
? window["atob"]("0j9")[1]',
@ window["atob"]("00A")[1]',
A (+[]+[]["constructor"])[10]',
B (+[]+(false)["constructor"])[10]',
C window["atob"]("00N")[1]',
D window["btoa"](00)[1]',
E window["btoa"](01)[2]',
F (0+[]["filter"]["constructor"])[10]',
G window["btoa"]("0f")[1]',
H window["btoa"]("0t")[1]',
I ("Infinity")[0]',
J window["atob"]("00r")[1]',
K window["btoa"]("(")[0]',
L window["btoa"]("/")[0]',
M window["btoa"](0)[0]',
N ("NaN")[0]',
O window["btoa"](8)[0]',
P window["btoa"]("<")[0]',
Q window["btoa"]("a")[1]',
R window["atob"]("01I")[1]',
S window["btoa"]("I")[0]',
T window["btoa"]("N")[0]',
U window["atob"]("01W")[1]',
V window["atob"]("01a")[1]',
W (true+window)[12]',
X window["atob"]("01i")[1]',
Y window["btoa"]("a")[0]',
Z window["btoa"]("f")[0]',
[ (undefined+[]["filter"])[33]',
\ window["atob"]("01y")[1]',
] (true+[]["filter"])[40]',
^ window["atob"](014)[1]',
_ window["atob"](018)[1]',
` window["atob"]("02A")[1]',
a ("false")[1]',
b (window+[])[2]',
c ([]["filter"]+[])[3]',
d ("undefined")[2]',
e ("true")[3]',
f ("false")[0]',
g ([]+("")["constructor"])[14]',
h window["atob"]("aN")[0]',
i ([false]+undefined)[10]',
j (window+[])[3]',
k window["atob"]("a0")[0]',
l ("false")[2]',
m (Number+[])[11]',
n ("undefined")[1]',
o (true+[]["filter"])[10]',
p window["atob"]("cN")[0]',
q window["atob"]("cf")[0]',
r ("true")[1]',
s ("false")[3]',
t ("true")[0]',
u ("undefined")[0]',
v (0+[]["filter"])[30]',
w ([]["sort"]["call"]()+[])[13]',
x window["atob"]("eN")[0]',
y (NaN+[Infinity])[10]',
z window["atob"]("et")[0]',
{ (NaN+[]["filter"])[21]',
| window["atob"]("03y")[1]',
} (NaN+[]["filter"])[41]',
~ window["atob"](234)[1]'

拼接出來字符串 "eval"，如何把 "eval" 變成 eval() 呢？方法是

[]["sort"]["call"]()["eval"]

其中 []["sort"]["call"]() 等于 [].sort.call() ，等價于 window，所以上面 []["sort"]["call"]()["eval"] 就等價于 window.eval。

然后就是體力活了，把碼表對應(yīng)轉(zhuǎn)換成 eval("blah blah") 這種形式就可以執(zhí)行任意代碼了

不同瀏覽器的碼表不一樣。 Chrome和Firefox的index就不一樣。

其實這個碼表還可以通過 ·toLocal*()` 函數(shù)族擴展到Unicode，比fromCharCode要簡短 :D

轉(zhuǎn)載于:https://www.cnblogs.com/pandora/archive/2010/02/27/1674833.html

總結(jié)

以上是生活随笔為你收集整理的仅用 []()+! 就足以实现几乎任意Javascript代码的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯，歡迎將生活随笔推薦給好友。