Why Google Chrome console throws "SyntaxError: Unexpected token }" when inputted (

15,537

Edit: I found the exact code that gets evaluated. The code is in "src/third_party/WebKit/Source/WebCore/inspector/InjectedScriptSource.js".

Before the Chrome console evaluates your code, it wraps it in a with block to bring the command-line functions into scope. So what you type is actually evaluated inside braces. The unexpected "}" token is the one put in automatically by Chrome.

The code that Chrome passes to eval is

with ((window && window.console && window.console._commandLineAPI) || {}) {
    <your code here>
};

Because it's a simple text substitution, the following example works and the result is an object which you can expand to see the answer property:

} 0, { answer: 42

Which (reformatted) is equivalent to:

with ((window && window.console && window.console._commandLineAPI) || {}) {
}
0, { answer: 42 };

The } at the beginning closes the with block. The 0, part is necessary to force the object literal to be parsed as an expression instead of another block. Then, the { answer: 42 is the beginning of an object literal that gets closed by the inserted } token.

For more fun, here are some other inputs that work (and their results):

> }{ // an empty block, so no value
  undefined

> }!{ // !{} === false
  false

> }!!{ // !!{} === true
  true

> } +{ valueOf: function() { return 123; }
  123
Share:
15,537

Related videos on Youtube

itchyny
Author by

itchyny

Updated on June 04, 2022

Comments

  • itchyny
    itchyny almost 2 years

    In Google Chrome's console, when we input

    (

    and Enter, Chrome says "SyntaxError: Unexpected token }" Why? Input is just "(", including no "}".

    We get the same error when we input

    console.log(

    There's no "}"!!!

    Next token should be arguments list or ")" so error message should be "Expected arguments list" or "Unclosed (" or something.

    And I wanna know, is console input parsed as StatementList(opt) (defined in ECMA-262)?

    • BoltClock
      BoltClock about 13 years
      @Seth: He did, it's just not easy to see.
  • Cameron
    Cameron about 13 years
    +1 for what amounts to clever SQL-injection with Javascript ;-) That 0 is most curious...
  • itchyny
    itchyny about 13 years
    Thanks for quick response. Hmm... It's very tricky... So Chrome seems to parse '{' + text + '}'. I tried }; '10 '+{ and get "10 [object Object]", which is the same result as Firefox.
  • itchyny
    itchyny about 13 years
    Wow! Great! I saw InjectedScriptSource.js line 280 to find exactly what you're saying! Thank you very much!
  • Joachim Sauer
    Joachim Sauer about 13 years
    @Cameron: it would be a JavaScript-injection attack then ;-)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related