search

denysdovhan / wtfjs

🤪 A list of funny and tricky JavaScript examples
http://bit.ly/wtfjavascript
Do What The F*ck You Want To Public License
35.24k stars 2.56k forks source link

Insane Proxy hack #329

Open tj-commits opened 3 months ago

tj-commits commented 3 months ago 
const quoteless = new Proxy({}, {
  get(_, key) {
    if(key === Symbol.unscopables) return {}
    if(key === "__global") return globalThis
    return `${key} `
  },

  has(_, __) {
    return true
  }
})

with (quoteless) {
  __global.console.log(This + is + black + magic)
}

This outputs "This is black magic" to the console. The way this works is that when a property is accessed then it just gets the name of the property that was accessed. Using with (quoteless) makes all the properties be accessible without quoteless.property. The way we access console.log is by checking if the key is a magic word, such as __global, to access the globalThis. My explanation is terrible, don't use it in the real repository lol

Rudxain commented 1 month ago

I want to puke 💀. Take my upvote, lol.

Now that I think about it, the with (proxy) pattern has so much potential for obfuscation! JS is Turing-Complete and has access to runtime APIs, so a Proxy could be non-deterministic!

Rudxain commented 1 week ago

I've created a monster 💀

tj-commits commented 1 week ago

@Rudxain wow