javascript探测执行环境
1、探测调用者:
>> var f=function(b,c,d){var x=b+c+d;console.log(f.caller);return x;}
undefined
>> f(1,2,3)
function (evalFunction, object, objectGroup, expression,
isEvalOnCallFrame, injectCommandLineAPI)
{
// Only install command line api object
// for the time of evaluation.
// Surround the expression in with statements
// to inject our command line API so that
// the window object properties still take
// more precedent than our API functions.
try {
if (injectCommandLineAPI && inspectedWindow.console) {
inspectedWindow.console._commandLineAPI =
new CommandLineAPI(this._commandLineAPIImpl,
isEvalOnCallFrame ? object : null);
expression = "with ((window && window.console && " +
"window.console._commandLineAPI) || {}) +
"{\n" + expression + "\n}";
}
var result = evalFunction.call(object, expression);
if (objectGroup === "console")
this._lastResult = result;
return result;
} finally {
if (injectCommandLineAPI && inspectedWindow.console)
delete inspectedWindow.console._commandLineAPI;
}
}
2、探测自己:
>> var f=function(b,c,d){ var x=b+c+d;console.log(f.arguments.callee);return x; }
undefined
>> f(1,2,3)
function (b,c,d){var x=b+c+d;console.log(f.arguments.callee);return x;}
6
js的这种动态获取执行环境的信息,可以用于多种安全用途,对caller的探测可以作为某种sniffer识别浏览器,对callee的探测则有着更广泛的用途,如用于js混淆/加壳。