Parenthesis removed, resulting in altered execution

Question

Parenthesis removed, resulting in altered execution

greg00000 opened this issue 6 years ago · 2 comments

var obj = {val:true}
alert( true || (true && obj.value == true)) //true
alert( true || true && obj.value == true) //false

becomes

var obj = { 'val': !![] };
alert(!![] || !![] && obj['value'] == !![]); //false
alert(!![] || !![] && obj['value'] == !![]); //false

Tested in Adobe ESTK after running Gulp with the following options:
{
compact: false,
controlFlowFlattening: false, //KILLS JSX
deadCodeInjection: false, //KILLS JSX
disableConsoleOutput: false,
identifierNamesGenerator: 'mangled',
renameGlobals: false,
selfDefending: false,
sourceMap: false,
stringArray: false,
rotateStringArray: false,
stringArrayEncoding: false,
splitStrings: false,
transformObjectKeys: false,
unicodeEscapeSequence: false
}

Answer 1 · 2020-01-08T01:31:47.000Z

Here's another example where removal of parenthesis causes nested ternary to fail...

Original:
var shouldBeTrue = true ? (true? true : false) : false
alert( shouldBeTrue ) //true

Obfuscated:
var shouldBeTrue = !![] ? !![] ? !![] : ![] : ![];
alert(shouldBeTrue); //error

Thanks!

Answer 2 · 2020-01-08T02:13:46.000Z

Also tested this at https://obfuscator.io/ and the removal of the parenthesis there is ok. Again, probably a matter of older ECMAscript, but without at least an option to leave the parenthesis alone during obfuscation, a lot of code will fail with Adobe products.

Also, my example would probably be more clear as:
alert( true || (true && "undefined" == true)) //true in ESTK
alert( true || true && "undefined" == true) //false in ESTK,