Home/ Questions/Q 9006657
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-16T01:28:15+00:00

I was reading some source code of a firefox extension and i saw some

  • 0

I was reading some source code of a firefox extension and i saw some expression like 

0*this;

dose this expression means anything ?

ps: I’m chinese, if there is some thing wrong with my English, please tell me, Thanks!

Here is a function of the extension;

function inGetter(){
   0*this;
   var gin=  Components.lookupMethod(this,"innerHTML")();
   gin=String.newTainted(gin,"divElement.INNERHTML");

   if(__domIntruderObj.settings.enabled  )
      __domIntruderObj.log("Getter",this.tagName+".value",gin, __domIntruderObj.util.getCallStack(arguments));
   return gin;
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The code is part of an XSS detection Firefox extension.

    As mentioned in another answer, multiplication causes a call to the engine’s internal DefaultValue method. What happens there is: it tries valueOf and toString before throwing an error. For example,

    2 * { valueOf: function () { return 3; }} // 6
2 * { toString: function () { return '4'; }} // 8
2 * { toString: function () { return this; }} // TypeError

    So this side-effect can be used to gain some information on the object. Particularly, there is some custom toString implementation in the code, which I think this is used to generate some call stack log. I haven’t really gone into the details though.

    • 0