
I tried doing Google Gruyere's XSS challenges (http://google-gruyere.appspot.com/part2), and at the stored AJAX XSS challenge they have the following code part for the JSON response:

all <span style=display:none>"
+ (alert(1),"")
+ "</span>your base

The interesting part is: (alert(1),"")

According to the solution provided, the empty string gets returned. According to my testing, the alert(1) still gets executed.

Is this some sort of function shorthand, or what would this be called in JS?
Why does it execute the alert, but then return the empty string?

Thank you very much for any help!

Best regards,
Rolf

1 Answer


This is the comma operator. The code executes alert(1), discards its return value, then evaluates "". Since this is the last item in the expression, its value is returned, which is empty string.

The tutorial I linked describes it as follows:

The comma operator in JavaScript evaluates each of its operands. It returns the value of the last operand. Add multiple expressions using the comma operator.

Robert Columbia
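The behaviour described in the answer, as an added example that is not part of the original question or answer: the comma expression contributes an empty string to the concatenation while its side effect still runs, and a strict JSON parser rejects the same body without running anything. The `alert` stub, the `snippet` key and the response body are constructed for illustration, and it is an assumption here that the client evaluates the response as JavaScript.

```javascript
// Constructed stand-in for the browser's alert(): records each call so the
// side effect is observable outside a browser (assumption, not from the page).
const calls = [];
function alert(msg) { calls.push(msg); }

// The comma operator evaluates its operands left to right and yields the last.
function commaResult() {
  return (alert(1), "");
}

// Constructed response body shaped like the snippet in the question: the
// string literal is closed early so an expression sits between the quotes.
const responseBody =
  '{"snippet": "all <span style=display:none>"\n' +
  ' + (alert(1),"")\n' +
  ' + "</span>your base"}';

// Evaluating the body as JavaScript runs the embedded expression; the
// resulting string looks harmless because the expression yields "".
function evaluateAsScript(body) {
  return eval("(" + body + ")");
}

// A strict JSON parser treats the body as data and rejects it at the "+",
// so nothing inside it is executed.
function parseAsJson(body) {
  try {
    return { ok: true, value: JSON.parse(body) };
  } catch (e) {
    return { ok: false, error: e.name };
  }
}
```

Because the evaluated value contains no trace of the call, inspecting the rendered string is not a reliable way to tell whether code ran.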