Solved

How to replace a string

Posted on 2008-10-30
5
499 Views
Last Modified: 2008-11-01
Okay i'm trying to replace the string and then execute it

i have unicoded string which looks like this

<script>document.write('\u0066\u0020\u002b\');</script>

and i need to replace  \ to * then change it back to \

I've attached the code.But it doesn't seam to work right.Please help me out.
<html>

<script type="text/javascript">
 

function encode(){
 

var unibatch="\u0066\u0020\u002b\";

var subas = unibatch.replace(/\/g, "*");

var ptr=subas;
 

document.write('prt.replace(/durnius/g,"*")');
 

}

window.onload=encode;
 

</script>

</html>

Open in new window

0
Comment
Question by:olivest
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:sh0e
ID: 22846819
Need more information on what you are trying to do.
<html>

<script type="text/javascript">

 

function encode(){

 

var unibatch="\\u0066\\u0020\\u002b\\";

var subas = unibatch.replace(/\\/g, "*");

var ptr=subas;

 

document.write(ptr.replace(/durnius/g,"*"));

 

}

window.onload=encode;

 

</script>

</html>

Open in new window

0
 

Author Comment

by:olivest
ID: 22847640
i need to convert HEXED string which looks like this \u0066\u0020\u002b\ to this *u0066*u0020*u002b*

and then execute it as HEX string i mean , JS  must recognize it as HEX string and run encoded functions.

for instance original would look like this

document.write('\u0066\u0020\u002b\'); <---- This is understandable to DOM
document.write('*u0066*u0020*u002b*); <---- This is not understandable to DOM

i need javascript to replace characters and execute it.
0
 
LVL 16

Expert Comment

by:sh0e
ID: 22847888
What I gave you would do that, assuming that the string looked like \u0066\u0020\u002b in decoded.

It is difficult to understand what you mean, because this:
document.write('\u0066\u0020\u002b\');
does not work.  That will not execute as it will be interpreted as 3 escaped u's and an escaped endquote, resulting in an unterminated string literal.

If what you want, is to convert '\u0055\u0020\u002b' ("f +" in unicode), to what you want, then you would need to encode it as escaped Unicode and then do the replace.

The actual input string needs to be seen.
0
 

Author Comment

by:olivest
ID: 22848181
Okay i will try to explain carefuly this time

i have string <script>alert('a')</script>

now i go to http://www.codehouse.com/webmaster_tools/html_encoder/index.htm

and encode(HEX) it <script type="text/javascript">document.write('\u003c\u0073\u0063\u0072\u0069\u0070\u0074\u003e\u0061\u006c\u0065\u0072\u0074\u0028\u0027\u0061\u0027\u0029\u003c\u002f\u0073\u0063\u0072\u0069\u0070\u0074\u003e')</script>

which would be understood as HEX'ed source in DOM.

So what i need to do is basicly replace all "\" <---- Backsplashes
to  * <--- start

and so now

i would have this:
<script type="text/javascript">document.write('*u003c*u0073*u0063*u0072*u0069*u0070*u0074*u003e*u0061*u006c*u0065*u0072*u0074*u0028*u0027*u0061*u0027*u0029*u003c*u002f*u0073*u0063*u0072*u0069*u0070*u0074*u003e')</script>

which is completley not understandable for DOM and it will not work.I need to write a function that will replace all * to \ and execute it as proper HEX'ed code.I hope this time is easier to understand my situation.
0
 
LVL 16

Accepted Solution

by:
sh0e earned 500 total points
ID: 22851200
Obscure code.  What are you trying to do, evade script string sanitizers?
function au(s){

return eval('"'+s.replace(/\*/g,'\\')+'"');

}
 

s='*u003c*u0073*u0063*u0072*u0069*u0070*u0074*u003e*u0061*u006c*u0065*u0072*u0074*u0028*u0027*u0061*u0027*u0029*u003c*u002f*u0073*u0063*u0072*u0069*u0070*u0074*u003e';

document.write(au(s));

Open in new window

0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In Part 1 (http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/A_7849-Hex-Maze.html) we covered the hexagonal maze basics -- how the cells are represented in a JavaScript array and how the maze is displayed.  In this part, we'…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

5 Experts available now in Live!

Get 1:1 Help Now