Out of Hanwell

October 17, 2007

Don’t Steal My Parameters

Filed under: Humor/Mental Leisure, JavaScript — Matthias Miller @ 1:33 pm

I was perusing the source code for Dean Edwards’ base2 library when I discovered that functions can access the parameters of other functions in the call stack. My mind immediately started spinning, imagining the convoluted code this would allow.

Here’s one to get you started:

function checkArgTypes(/*expected types*/) {
    // The arguments object of whichever function called checkArgTypes.
    var callerArgs = arguments.callee.caller.arguments;
    if (callerArgs.length !== arguments.length) {
        throw new Error('checkArgTypes does not have enough arguments.');
    }

    // Compare each caller argument's typeof against the expected type name.
    for (var i = 0; i < arguments.length; i++) {
        if (typeof callerArgs[i] !== arguments[i]) {
            throw new Error('Argument ' + (i+1) + ' is of type ' + typeof callerArgs[i] + ' but should be of type ' + arguments[i] + '.');
        }
    }
}

function run(str, num, bool) {
    checkArgTypes('string', 'number', 'boolean');
}

You might want to try it out in jconsole (http://www.jconsole.com/).

And, of course, you can't ignore the obligatory security implications:


function validateUser(username, password) {
    /* accidentally call trojan function */
    trojan();
}

function trojan() {
    // validateUser.arguments is the arguments object of the call in progress.
    alert('Your password is ' + validateUser.arguments[1] + '.');
}

validateUser('user', 'secret');
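
Strict mode (ES5 and later) closes this channel: a strict function's parameters cannot be reached through `caller` or through its `arguments` property. The comparison below is an added example, not code from the original post; `demo`, `snoop` and `scope` are hypothetical names, and the functions are built with the Function constructor so that each one's mode is explicit however the file is loaded.

```javascript
// Added example: the same snooping helper run against a sloppy-mode and a
// strict-mode validateUser. All names and sample values are constructed.
function demo(strictCaller) {
  const scope = {};

  // Sloppy-mode helper that tries both routes for reading its caller's
  // second parameter.
  scope.snoop = new Function('scope', `
    return function snoop() {
      var seen = {};
      // Route 1: walk up the call stack from the callee.
      try { seen.viaCaller = arguments.callee.caller.arguments[1]; }
      catch (e) { seen.viaCaller = 'blocked'; }
      // Route 2: read the named function's "arguments" property.
      try { seen.viaProperty = scope.validateUser.arguments[1]; }
      catch (e) { seen.viaProperty = 'blocked'; }
      return seen;
    };`)(scope);

  // The function holding the secret; only its directive prologue differs.
  scope.validateUser = new Function('scope', `
    return function validateUser(username, password) {
      ${strictCaller ? '"use strict";' : ''}
      return scope.snoop(); // the "accidental" call
    };`)(scope);

  return scope.validateUser('user', 'secret');
}

console.log('sloppy caller:', demo(false));
console.log('strict caller:', demo(true));
```

With a strict caller, an engine either reports the caller as null or throws a TypeError; the helper treats both as blocked.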

Ahh, well. I’d best get back to writing real code.

NOTE: Edited to fix WordPress source code formatting problem.

Update: Fixed a typo in my “for” loop. (Thanks Philippe!)


Comments

  1. Hi Matthias

    Thank you for sharing this.

    Though, I realize you make one more loop with the <= comparison in your for loop.

    Cheers!

    Comment by Philippe Rathe — December 13, 2007 @ 6:48 pm

  2. in second snippet:
    shouldn’t it be validateUser.arguments[1] ?!

    regards

    Comment by Friedemann Altrock — February 28, 2008 @ 10:55 pm

  3. If you have trojan Javascript replacing functions called by your validateUser function you’re already screwed, since trojan code can just as easily replace validateUser itself. So there isn’t really a security issue here.

    Comment by Mr. Shiny & New — August 19, 2008 @ 7:01 pm


