Tags: javascript web ast
Rating:
# Background
The challenge implements a language called Hyper Text Programming Language, which defined some tags and compiles them into javascript to make html could do real computation.
# Solution
First we noticed that the HTPL code we wrote renders via `innerHTML`, but the strict CSP makes it unexploitable.
So let's turn to the HTPL part. The HTPL code's compilation is based on ast, which supports only a few nodes: io, array, function, literals, binary and unary operators, assignments and control flows.
But it did not support to get elements from an array or something like . operator to access attrs. And we could not make such a function via a valid HTPL.
As the compiler starts a new line each expression when compiles into javascript, if we could make it comment a part of code, here might be a way to construct a function works like `attr()`.
To make it happen, we need to know all **three** types of javascript comments:
- `/* */`
- `//`
- `
