Function.prototype.toString to discover function dependencies

Juriy Zaytsev kangax.dev at gmail.com
Thu Sep 30 09:09:55 PDT 2010


On Wed, Sep 29, 2010 at 3:13 PM, James Burke <jrburke at gmail.com> wrote:

> On Wed, Sep 15, 2010 at 5:24 PM, James Burke <jrburke at gmail.com> wrote:
> > Is this an acceptable use of Function.prototype.toString? What
> > problems would there be now or in the future?
>
> For the record, the PlayStation 3's browser returns a
> Function.prototype.toString like:
>
> function (require, exports, modue) { /*-2134160600*/ }
>

I made a list of few other representations some time ago —
http://perfectionkills.com/those-tricky-functions/ — where you can see how
they range from modified identifiers, to modified (or omitted) function
bodies, to even crazier extensions like preserving parenthesis and comments
when function is within a grouping operator (in IE)!

( /* foo bar */ (((function f(){}) /* baz qux */ )));
// results in
"( /* foo bar */ (((function f(){}) /* baz qux */ )))"

(extension is gone in IE9, IIRC)

Non-standard nature of `Function.prototype.toString` return value, coupled
with this variation in practice is the reason I avoid (and never recommend)
function decompilation in context of general browser scripting.

P.S. It's worth mentioning that bound functions return host-objects-like
"function(){ [native code] }" representation in at least 3 (IIRC) major
implementations ATM — IE9, FF4 and one of nightly WebKit or Chrome.

(function(){}).bind({}) + ''; // returns something like "function () {
/n [native code] /n }"

Perhaps something that could also use standardization.

[...]

-- 
kangax
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20100930/014e0784/attachment.html>


More information about the es-discuss mailing list