Skip to content

Hidden javascript properties

Javascript contains hidden properties in many objects, I first discovered this when DoctorDan from the slackers forum demonstrated a technique to get the text from a regular expression object without specifying the source property. Later I found a post by John Resig about weird IE behavior again with -1 properties.

So I decided to experiment and write a little script to investigate further. I discovered that it’s possible to access strings of global object names. For example:-

alert(Boolean[-6]);
alert(typeof Boolean[-6]);

It seems that Firefox at least stores names of objects in “-6″, the example above returns the value “Boolean” as a string. Here’s a few examples I posted slackers which use Objects to create strings.

This is the simple script I wrote to find the properties, feel free to experiment and find any other “hidden” gems.

function inspectObject(obj) {
 var prop;
 var props = [];
 for(var i=-1000;i<1000;i++) {
  if(i > 0) {
     prop = obj[String.fromCharCode(i)];
     if(prop != null) {
      props.push(String.fromCharCode(i) + '=' + prop);
     }  
  } else {
     prop = obj[i];
     if(prop != null) {
      props.push(i + '=' + prop);
    }
  }
 }
 return props;
}
 
x=function x(){};
inspectObject(x)
Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Slashdot
  • StumbleUpon

Comments 6

  1. .mario wrote:

    This is one impressive piece of finding. And - I mean… what is wrong with this language? :)

    alert[-3].eval(’alert(1)’)

    Posted 06 Mar 2008 at 10:24 pm
  2. Gareth Heyes wrote:

    Yeah it’s the language of hackers :D

    Posted 06 Mar 2008 at 10:25 pm
  3. Ronald wrote:

    hehe cool stuff. :)

    I was busy myself with investigating js parsing time of objects in Opera, found out that a location.assign takes 320 millisec to load, in that time it’s possible to access the DOM of another page. Sadly, after it, it loads the new assigned url :( pity, i thought I found a gem in Opera to read cross-domain.

    Posted 07 Mar 2008 at 12:44 am
  4. Gareth Heyes wrote:

    Cheers Ronald :)

    Sounds interesting I’ll stay tuned to your blog :)

    Posted 07 Mar 2008 at 12:30 pm
  5. thornmaker wrote:

    I remember playing with some of the negative references when I first saw the /foo/[-1] trick, but I never noticed this! very cool find!

    Posted 07 Mar 2008 at 8:40 pm
  6. Gareth Heyes wrote:

    @thornmaker

    Thanks :)

    It appears that FF beta uses -5 instead of -6 which I found interesting.

    Posted 08 Mar 2008 at 9:14 am

Post a Comment

Your email is never published nor shared. Required fields are marked *

Comment spam protected by SpamBam