pub fn js_string_concat(input: &str) -> StringExpand description
Applies JavaScript string concatenation obfuscation.
Splits the string into 2-4 character chunks and joins them with JavaScript
string concatenation operators (+). This creates valid JavaScript code
that evaluates to the original string, useful for bypassing static analysis
and pattern-matching security filters.
§Use Cases
- XSS Testing: Obfuscate JavaScript payloads to evade WAF
- Red Team: Bypass JavaScript-based content filters
- Blue Team: Test if security tools detect concatenated strings
- Bot Detection: Test JavaScript parser implementations
§Examples
use redstr::js_string_concat;
let result = js_string_concat("alert");
// Example output: "'al'+'er'+'t'" or "'ale'+'rt'" (varies each run)
assert!(result.contains("+") || result.len() >= 5);
// Obfuscate XSS payload
let xss = js_string_concat("alert(1)");
// Example: "'ale'+'rt('+'1)'"
// Usage: eval("'ale'+'rt('+'1)'") === "alert(1)"
// Bypass static analysis
let cmd = js_string_concat("document.cookie");
// Example: "'doc'+'umen'+'t.co'+'okie'"