I tried doing google gruyeres XSS challenges (http://google-gruyere.appspot.com/part2), and at the stored AJAX XSS challenge they have the following code part for the JSON response:
all <span style=display:none>"
+ (alert(1),"")
+ "</span>your base
The interesting part is: (alert(1),"")
根据提供的解决方案,将返回空字符串。根据我的测试,alert(1)仍然被执行。
这是某种形式的函数速记,还是在JS中称为什么? 为什么执行警报,然后返回空字符串?
非常感谢您的帮助!
最好的祝福, 罗尔夫
This is the comma operator. The code executes
alert(1), discards its return value, then evaluates"". Since this is the last item in the expression, its value is returned, which is empty string.我链接的教程对它的描述如下: