5文字で書くJavaScript/ Shibuya.XSS techtalk #10

Transcript

1. |>|>|>|>|>|>|>|>|>|>|>|>|>|>|>|>|>|> >|>|>|>|>|>|>|>|>|>|>|>|>|>|>|>|>|> |>|>|>|>|>|>|>|>|>|>|> |>|>|>|>|>|>|>|>|>|>|>

2. • • •

3. None
4. None

5. • • http://utf-8.jp/public/jjencode.html

6. • •

7. • • 0 1 2 3 4 5 6 7

   8 9 a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
8. None
9. None

10. BANG!

11. |>

12. https://github.com/tc39/proposal-pipeline-operator The pipeline operator is essentially a useful syntactic sugar

    on a function call with a single argument. |>

13. alert(1)

14. 1 |> alert

15. • []()!+|> 8-2=6

16. • [] !+|> 6-1=5

17. • []+|> 5

18. • • •

19. None

20. • •

21. > Function("alert(1)") < ƒ anonymous() {alert(1)}

22. > Function("alert(1)")() OK

23. > [].constructor

24. > []["constructor"]

25. > []["constructor"] === Array < true > []["constructor"]["constructor"] === Function

    < true

26. > []["constructor"]["constructor"]("alert(1)")() OK

27. > []["constructor"]["constructor"]("CODE")()

28. > []["constructor"]["constructor"]("CODE")()

29. > "CODE"|>[]["constructor"]["constructor"] > []["constructor"]["constructor"]("CODE")

30. > []|>"CODE"|>[]["constructor"]["constructor"] > []["constructor"]["constructor"]("CODE")()

31. exclaim(capitalize(doubleSay("hello"))); "hello" |> doubleSay |> capitalize |> exclaim;

32. > ("CODE"|>[]["constructor"]["constructor"])()

33. > ["CODE"|>[]["constructor"]["constructor"]][0]() ( Expression ) [ Expression ][0]

34. > []|>["CODE"|>[]["constructor"]["constructor"]][0]

35. > []|>["CODE"|>[]["constructor"]["constructor"]][0]

36. //JSFuckの基本型 []["constructor"]["constructor"]("CODE")() //5文字JSの基本型 []|>["CODE"|>[]["constructor"]["constructor"]][0]

37. None

38. > +[] < 0

39. > []>[] < false > [0]>[] < true

40. > [][[]] < undefined

41. > +[true][0] < 1 > +[true][0]+[true][0] < 2 > +[true][0]+[true][0]+[true][0]

    < 3 > ...

42. > [true][0]+[] < "true" > [false][0]+[] < "false" > [undefined][0]+[]

    < "undefined"

43. > ["true"][0][0] < "t" > ["true"][0][1] < "r" > ["true"][0][2]

    < "u"

44. > []|>["CODE"|>[]["constructor"]["constructor"]][0]

45. > []["fill"]+[] < "function fill() { [native code] }"

46. None

47. [[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[ [+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]] >[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+ [[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]> []][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+ [[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[]]+[]][+[]][+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]] +[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]][+[]]+[[[+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]]+[[ [+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[ ]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]] [+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]

    ]>[]]+[]][+[]][+[]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+ [[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]] ]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[ ]][+[]]]+[[[+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]]

48. > []|>["alert(1)"|>[]["constructor"]["constructor"]][0]

49. []|>[[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[] ][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]]+[[[+[]]>[]] +[]][+[]][+[]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+ []][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[ [+[]]>[]][+[]]+[+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[+[[+[]]>[]][+[]]][+[]]+[[][[[[]>[]]+[]] [+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[] ]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[+[[+[]]>[]][+[] ]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]|>[][[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[] ]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[ ]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[[[]>[]]+[]][+

    []][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]> []][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[ +[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[]]+[]][+[]][+[[+[]]>[]][+[]]]+[[[]>[]]+ []][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]][+[]]+[[[+[]]>[]]+[]][+[]][+ [[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[] ]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[] ]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[ [+[]]>[]]+[]][+[]][+[]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+ [[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[] ][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[ [+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]]][[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[] ][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]] >[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]] +[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]] +[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[ ]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[]]+[]][+[]][+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[ ]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]][+[]]+[[[+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]]+[ [[+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]] [+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]] >[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]] [+[]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][ +[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]] [+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]] [+[[+[]]>[]][+[]]]]][+[]]

50. []|>[[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[] ][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]]+[[[+[]]>[]] +[]][+[]][+[]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+ []][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[ [+[]]>[]][+[]]+[+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[+[[+[]]>[]][+[]]][+[]]+[[][[[[]>[]]+[]] [+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[] ]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[+[[+[]]>[]][+[] ]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]|>[][[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[] ]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[ ]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[[[]>[]]+[]][+

    []][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]> []][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[ +[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[]]+[]][+[]][+[[+[]]>[]][+[]]]+[[[]>[]]+ []][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]][+[]]+[[[+[]]>[]]+[]][+[]][+ [[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[] ]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[] ]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[ [+[]]>[]]+[]][+[]][+[]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+ [[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[] ][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[ [+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]]][[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[] ][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]] >[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]] +[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]] +[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[ ]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[]]+[]][+[]][+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[ ]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]][+[]]+[[[+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]]+[ [[+[]]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]] [+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]] >[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]] [+[]]+[[][[[[]>[]]+[]][+[]][+[]]+[[[[]>[]]+[]][+[]]+[][[]]][+[]][+[[+[]]>[]][+[]]+[+[]]]+[[[]>[]]+[]][+[]][ +[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[]>[]]+[]][+[]][+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]]+[]][+[]][+[[+[]]>[]] [+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]+[[+[]]>[]][+[]]]+[[[+[]]>[]]+[]][+[]] [+[[+[]]>[]][+[]]]]][+[]] OK

51. unescape("%u0051")

52. https://syllab.fr/projets/experiments/xcharsjs/5chars.pipeline. html https://babeljs.io/repl/build/5099/#?babili=false&browsers=& build=&builtIns=false&code_lz=IwHwfAhgNgpgTgFyA&debug=f alse&circleciRepo=&evaluate=true&lineWrap=false&presets=st age-0&prettier=false&targets=&version=7.0.0- beta.2%2Bpr.6335

53. • •

54. |>|>|>|>|>|>|>|>|>|>|>|>|>|>|>|>|>|> >|>|>|>|>|>|>|>|>|>|>|>|>|>|>|>|>|>