"Decompile" JavaScript function?
[1] OK, I don't even know what to call this, to be honest. So let me get some semi-pseudo code, to show what I'm trying to do. I'm using jQuery to get an already existing script declared inside the page, inside a createDocument() element, from an AJAX call.
    GM_xmlhttprequest({
      ...
      load: function (r) {
        var doc = document_from_string(r.responseText);
        script_content = $('body script:regex(html, local_xw_sig)', doc).html();
        var scriptEl = document.createElement('script');
        scriptEl.type = 'text/javascript';
        scriptEl.innerHTML = script_content; // good till here
        (function (sc) {
          eval(sc.innerHTML); // not exactly like this, but you get the idea, errors
          alert('wont get here ' + local_xw_sig); // local_xw_sig is a global "var" inside the source
        })(scriptEl);
      }
    });
So far so good, the script indeed contains the source from the entire script block. Now, inside this "script_content", there are auto-executing functions, like $(document).ready(function(){...}), so that every time I "eval" the innerHTML, it executes this code, halting my encapsulated script. Like variables that don't exist, etc.
Removing certain parts of the script using regex isn't really an option... What I really wanted is to "walk" inside the function. Like doing a (completely fictional):
    script = eval("function(){" + script_content + "};");
    alert(script['local_xw_sig']); // a03ucc34095cw3495
Is there any way to 'disassemble' the function, and be able to reach the "var"s inside of it? Like this function:
    function hello(){
      var message = "hello";
    }
    alert(hello.message); // message = var inside the function
Is it possible at all? Or will I have to hack my way using regex? ;P
[2] Also, is there any way I can access JavaScript inside a document created with "createDocument"?
Comments (4)
Simply trying to access a local variable inside a function from outside of it is impossible due to scope. However, using closures you can absolutely accomplish this:
Note exactly what's happening here. You are calling a function which returns a function, in which "yourMessage" is now defined inside its scope. Calling that inner closure the second time will yield that variable you set earlier.
If you are not familiar with closures in JS, I suggest you read this wonderful FAQ.
It's not possible that way. You can introspect an object's properties (any function is an object), but not before you have created an instance with the new operator.
Looking at your code sample, it seems that your approach is a bit messy – eval()'ing script blocks is something one should not do unless absolutely necessary (a situation I can't imagine).
In your example at
you can in fact use hello.toString() to get the function source, like this:
You want to eval the script in global scope. Briefly it is,
Also check out Google's Caja for secure external script evaluation.
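Added example, not part of the original thread or any poster's code: following the hello.toString() answer and the caution about eval() above, this reads a string variable out of script source text without executing the script. The names tokenize, decodeLiteral, readStringVar and SAMPLE_SCRIPT are constructed for this sketch (the signature value is the one shown in the question's comment); it assumes the declaration has the form `var|let|const name = "literal";` and does not tokenize regex or template literals.

```javascript
'use strict';
// Added example; SAMPLE_SCRIPT and all function names are constructed.
// Comments and string literals are matched whole, so a declaration that only
// appears inside one is never taken for code. Limitation: regex literals and
// template literals are not tokenized.
const TOKEN = /\/\/[^\n]*|\/\*[\s\S]*?\*\/|"(?:[^"\\\n]|\\.)*"|'(?:[^'\\\n]|\\.)*'|[A-Za-z_$][\w$]*|\s+|[\s\S]/g;

function tokenize(source) {
  // Drop whitespace and comment tokens; keep everything else in order.
  return (source.match(TOKEN) || []).filter(t => !/^(?:\s|\/\/|\/\*)/.test(t));
}

// Turn a quoted literal into its value without evaluating it.
function decodeLiteral(lit) {
  const simple = { n: '\n', r: '\r', t: '\t', b: '\b', f: '\f', v: '\v', 0: '\0' };
  return lit.slice(1, -1).replace(
    /\\(u[0-9a-fA-F]{4}|x[0-9a-fA-F]{2}|[\s\S])/g,
    (_, e) => e.length > 1 ? String.fromCharCode(parseInt(e.slice(1), 16))
                           : (e in simple ? simple[e] : e));
}

// Return the string assigned by `var|let|const name = "...";`, else null.
function readStringVar(source, name) {
  const t = tokenize(source);
  for (let i = 0; i + 3 < t.length; i++) {
    const lit = t[i + 3], next = t[i + 4];
    if (/^(?:var|let|const)$/.test(t[i]) && t[i + 1] === name && t[i + 2] === '=' &&
        /^(["'])[\s\S]*\1$/.test(lit) && (next === undefined || next === ';' || next === ',')) {
      return decodeLiteral(lit);
    }
  }
  return null; // not found, or the initializer is more than a plain literal
}

// Constructed input: eval() of this text would throw where `$` is undefined.
const SAMPLE_SCRIPT = [
  '// var local_xw_sig = "decoy-in-comment";',
  'var note = "var local_xw_sig = \'decoy-in-string\';";',
  'var local_xw_sig = "a03ucc34095cw3495";',
  '$(document).ready(function () { startGame(local_xw_sig); });',
].join('\n');

function hello() { var message = "hello"; }

console.log(hello.message); // a local is not a property of the function object
console.log(readStringVar(hello.toString(), 'message'));
console.log(readStringVar(SAMPLE_SCRIPT, 'local_xw_sig'));
```

Anything the scanner cannot prove to be a plain string literal yields null rather than a guess, so the caller never falls back to executing fetched code.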