Eval() javascript code from within C#

Question

I want to eval() and run this javascript code from my C# program, but it won't even debug. How can I do this?

string jsFunc = "eval(function(p,a,c,k,e,d){while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+c+'\\b','g'),k[c])}}return p}('8 4=\'6/13!)!6/12))6/19))))2!,!18*!16!15*!,!:14*-!17:9*!,!26***<\';8 5=\"\";20(3=0;3<4.24;3++){10(4.7(3)==25){5+=\'\\&\'}11 10(4.7(3)==23){5+=\'\\!\'}11{5+=21.22(4.7(3)-1)}};5;',10,27,'|||i|s|m|Nbui|charCodeAt|var||if|else|bct|spvoe|521|8477|_|73|2689|njo|for|String|fromCharCode||l{�ength|28|4451'.split('|')))";

        JSEval.JSEval eval = new JSEval.JSEval();
        string expression, result;

        Console.Write("Выражение: ");
        expression = jsFunc;

        try
        {
            result = eval.Eval(expression).ToString();
        }
        catch
        {
            result = "!!!";
        }

Which doesn't compile - the C# or the JavaScript you're trying to eval? — n8wrl, Jul 13 '12 at 13:25
"Code don't debug?" As in you can't debug it? It crashes when you debug it? The results obtained during debugging are unexpected? — user7116, Jul 13 '12 at 13:25
@jbabey - because javascript has a sandboxed api. It's hard to do anything unsafe in the context of javascript. javascript is widely understood language... no matter what your primary language, just about any developer will also know a little javascript. This makes javascript a good choice to ship with a larger program as a scripting or macro language. Providing an Eval() for C#/.Net code, for example, would be bad by comparison, because someone could use it as a security breach to do anything in the context of the system and user. — Joel Coehoorn, Jul 13 '12 at 14:29
@JoelCoehoorn "It's hard to do anything unsafe in the context of javascript. javascript is widely understood language". These statements are both blatantly false. — jbabey, Jul 13 '12 at 14:31

score 3 · Answer 1 · edited May 23 '17 at 12:12

3

One potential problem, if I am permitted to hazard a guess based on the slim details available, is the odd character sequence found in the string:

...||l{�ength|28|4451'.split('|')))";

Perhaps you should remove the {� and re-run the code.

To elaborate on other meanings of the phrase "code don't debug":

Ensure the project is configured to build in Debug mode.
If your expectation is that you can step through the JavaScript, this will not be possible. You should instead debug the JavaScript using something like Firebug.
If you cannot mentally debug the JavaScript, because it has been minified, you should look at a tool to unpack the JavaScript into something more human readable.

edited May 23 '17 at 12:12

Community

1
1

answered Jul 13 '12 at 13:26

user7116

63,008
17
141
172

eval(function(p,a,c,k,e,d){while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+c+'\\b','g'),k[c])}}return p}('8 4=\'6/13!)!6/12))6/19))))2!,!18*!16!15*!,!:14*-!17:9*!,!26***<\';8 5=\"\";20(3=0;3<4.24;3++){10(4.7(3)==25){5+=\'\\&\'}11 10(4.7(3)==23){5+=\'\\!\'}11{5+=21.22(4.7(3)-1)}};5;',10,27,'|||i|s|m|Nbui|charCodeAt|var||if|else|bct|spvoe|521|8477|_|73|2689|njo|for|String|fromCharCode||{length|28|4451'.split('|'))) – user1523651 Jul 13 '12 at 13:30
2

I don't know what you mean when you paste that code. – user7116 Jul 13 '12 at 13:32

Eval() javascript code from within C#

1 Answers1