I tried doing Google Gruyere's XSS challenges (http://google-gruyere.appspot.com/part2), and at the stored AJAX XSS challenge they have the following code part for the JSON response:
all <span style=display:none>"
+ (alert(1),"")
+ "</span>your base
The interesting part is: (alert(1),"")
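According to the provided solution, an empty string is returned. According to my tests, alert(1) is still executed.
Is this some kind of function shorthand, or what is this called in JS? Why is the alert executed and then an empty string returned?
Thanks a lot for your help!
Best regards, Rolf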
This is the comma operator. The code executes alert(1), discards its return value, then evaluates "". Since this is the last item in the expression, its value is returned, which is the empty string. The tutorial I linked describes it as follows:
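Added example (not part of the original answer or the linked tutorial): the comma expression from the question, evaluated the way a client that treats the response text as JavaScript would evaluate it, next to `JSON.parse`, which rejects it. It assumes the client evaluates the response with `eval`; `responseBody`, `evalParse` and `safeParse` are constructed for illustration, and `alert` is replaced by a recording stub so the code runs under Node.

```javascript
// Constructed sample: a response body shaped like the one in the question,
// where the stored text has closed the string literal and added an expression.
const responseBody =
  '{"snippet": "all <span style=display:none>" + (alert(1),"") + "</span>your base"}';

// Vulnerable pattern (assumed client behaviour): the body is evaluated as code.
// Direct eval resolves `alert` to the parameter, so the call can be recorded.
function evalParse(body, alert) {
  return eval("(" + body + ")");
}

// Hardened pattern: JSON.parse accepts only JSON data, never expressions.
function safeParse(body) {
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}

function demo() {
  const calls = [];
  const recordingAlert = (msg) => { calls.push(msg); };

  // The comma operator evaluates alert(1) first, discards its result, and
  // yields "", so the concatenated string carries no trace of the call.
  const viaEval = evalParse(responseBody, recordingAlert);

  // The same body is not valid JSON: `+` and `(` are illegal after a string.
  const viaJson = safeParse(responseBody);

  return { calls, snippet: viaEval.snippet, viaJson };
}

console.log(demo());
```

The evaluated snippet looks harmless because the expression contributes only an empty string; the side effect has already happened by the time the value exists.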