Solved

How to replace a string

Posted on 2008-10-30
5
516 Views
Last Modified: 2008-11-01
Okay i'm trying to replace the string and then execute it

i have unicoded string which looks like this

<script>document.write('\u0066\u0020\u002b\');</script>

and i need to replace  \ to * then change it back to \

I've attached the code.But it doesn't seam to work right.Please help me out.
<html>
<script type="text/javascript">
 
function encode(){
 
var unibatch="\u0066\u0020\u002b\";
var subas = unibatch.replace(/\/g, "*");
var ptr=subas;
 
document.write('prt.replace(/durnius/g,"*")');
 
}
window.onload=encode;
 
</script>
</html>

Open in new window

0
Comment
Question by:olivest
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 16

Expert Comment

by:sh0e
ID: 22846819
Need more information on what you are trying to do.
<html>
<script type="text/javascript">
 
function encode(){
 
var unibatch="\\u0066\\u0020\\u002b\\";
var subas = unibatch.replace(/\\/g, "*");
var ptr=subas;
 
document.write(ptr.replace(/durnius/g,"*"));
 
}
window.onload=encode;
 
</script>
</html>

Open in new window

0
 

Author Comment

by:olivest
ID: 22847640
i need to convert HEXED string which looks like this \u0066\u0020\u002b\ to this *u0066*u0020*u002b*

and then execute it as HEX string i mean , JS  must recognize it as HEX string and run encoded functions.

for instance original would look like this

document.write('\u0066\u0020\u002b\'); <---- This is understandable to DOM
document.write('*u0066*u0020*u002b*); <---- This is not understandable to DOM

i need javascript to replace characters and execute it.
0
 
LVL 16

Expert Comment

by:sh0e
ID: 22847888
What I gave you would do that, assuming that the string looked like \u0066\u0020\u002b in decoded.

It is difficult to understand what you mean, because this:
document.write('\u0066\u0020\u002b\');
does not work.  That will not execute as it will be interpreted as 3 escaped u's and an escaped endquote, resulting in an unterminated string literal.

If what you want, is to convert '\u0055\u0020\u002b' ("f +" in unicode), to what you want, then you would need to encode it as escaped Unicode and then do the replace.

The actual input string needs to be seen.
0
 

Author Comment

by:olivest
ID: 22848181
Okay i will try to explain carefuly this time

i have string <script>alert('a')</script>

now i go to http://www.codehouse.com/webmaster_tools/html_encoder/index.htm

and encode(HEX) it <script type="text/javascript">document.write('\u003c\u0073\u0063\u0072\u0069\u0070\u0074\u003e\u0061\u006c\u0065\u0072\u0074\u0028\u0027\u0061\u0027\u0029\u003c\u002f\u0073\u0063\u0072\u0069\u0070\u0074\u003e')</script>

which would be understood as HEX'ed source in DOM.

So what i need to do is basicly replace all "\" <---- Backsplashes
to  * <--- start

and so now

i would have this:
<script type="text/javascript">document.write('*u003c*u0073*u0063*u0072*u0069*u0070*u0074*u003e*u0061*u006c*u0065*u0072*u0074*u0028*u0027*u0061*u0027*u0029*u003c*u002f*u0073*u0063*u0072*u0069*u0070*u0074*u003e')</script>

which is completley not understandable for DOM and it will not work.I need to write a function that will replace all * to \ and execute it as proper HEX'ed code.I hope this time is easier to understand my situation.
0
 
LVL 16

Accepted Solution

by:
sh0e earned 500 total points
ID: 22851200
Obscure code.  What are you trying to do, evade script string sanitizers?
function au(s){
return eval('"'+s.replace(/\*/g,'\\')+'"');
}
 
s='*u003c*u0073*u0063*u0072*u0069*u0070*u0074*u003e*u0061*u006c*u0065*u0072*u0074*u0028*u0027*u0061*u0027*u0029*u003c*u002f*u0073*u0063*u0072*u0069*u0070*u0074*u003e';
document.write(au(s));

Open in new window

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I found this questions asking how to do this in many different forums, so I will describe here how to implement a solution using PHP and AJAX. The logical flow for the problem should be: Write an event handler for the first drop down box to get …
This article discusses how to implement server side field validation and display customized error messages to the client.
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question