I am interested in understanding the internals of [JavaScript][1]. I've tried to read the source for [SpiderMonkey][2] and [Rhino][3] but it's quite complex to wrap my head around. The reason I ask is: why does something like - `(![]+[])[+!![]+[]]` produce `"a"` - `(Å=[],[µ=!Å+Å][µ[È=++Å+Å+Å]+({}+Å)[Ç=!!Å+µ,ª=Ç[Å]+Ç[+!Å],Å]+ª])()[µ[Å]+µ[Å+Å]+Ç[È]+ª](Å)` produce `alert(1)`? Source: http://sla.ckers.org/forum/read.php?24,32930,page=1. There's many more examples of JavaScript oddities on that forum and I wanted to know how it works from a programming point of view with respect to web application security. [1]: http://en.wikipedia.org/wiki/JavaScript [2]: http://en.wikipedia.org/wiki/SpiderMonkey_%28JavaScript_engine%29 [3]: http://en.wikipedia.org/wiki/Rhino_%28JavaScript_engine%29
if you are interested in how languages work, nothing beats writing a compiler for it yourself - that will basically teach you the language, and its internals.