org.mozilla.javascript.ConsString cannot be cast to java.lang.String #606

Closed
michael-zock opened this issue Oct 5, 2019 · 4 comments

@michael-zock

I have a test case that sounds similar to #247 (ConsString does not transforms to java.lang.String when passed to the host java object).

A test HTML (including all the necessary JS) can be found at https://pastebin.com/bVbPx1sR and the error is java.lang.ClassCastException: org.mozilla.javascript.ConsString cannot be cast to java.lang.String.
The offending function n() seems to be a variation of Base64 and not a straight implementation, so replacing it with a native function won't work.

For example, a datacode of .MDct5SMft2YhJHdvcDO2kTOyI9[@]L@kjZhVjN@MTO2YTNhJ2MiJmZ6[@]QTNyQ9[@]N3MWY6[@]c9[@]M4g9[@]L@9SbvNmLl5Was52bl1WYyZGeuIDdt4GZj9yL translates into Ly9jZG4tdDIueGZyYW1lb25saW5lLmNvbS90L?g4M?c?YWM3N?QyNTQ?ZmJiM2JhNTY2OTM0NjVhZjk0L?IyOTk2ODcvdHJhY2tfMS5tcDM=, which would be fed to n() and which neither Java nor https://www.base64decode.org/ considers to be straight Base64.

Example code:

engine.eval("function n(n){for(var r,t,e,o,u,i,c=m()+\"=\",f=0,a=\"\";r=(i=c.indexOf(n.charAt(f++))<<18|c.indexOf(n.charAt(f++))<<12|(o=c.indexOf(n.charAt(f++)))<<6|(u=c.indexOf(n.charAt(f++))))>>16&255,t=i>>8&255,e=255&i,a+=64==o?String.fromCharCode(r):64==u?String.fromCharCode(r,t):String.fromCharCode(r,t,e),f<n.length;);return a}function t(){return i(\"jihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA\")}function m(){return t()+i(a().join(\"\")+\"zyxwvutsrqponmlk\")+i(\"/+\")}function o(){return\"edoc\"}function i(n){return u(r(n).reverse())}function a(){for(var n=[],r=0;r<10;r++)n.push(r);return r=\"0\".charCodeAt(0),n.reverse().map(function(n){return String.fromCharCode(n+r)})}function r(n){return n.split(\"\")}function s(){return\"atad\"}function l(n){return n.replace(/[\\-\\[\\]\\/\\{\\}\\(\\)\\*\\+\\?\\.\\\\\\^\\$\\|]/g,\"\\\\$&\")}function u(n){return n.join(\"\")}function d(n,r){var t=Object.keys(r).map(l);return n.split(RegExp(\"(\"+t.join(\"|\")+\")\")).map(function(n){return r[n]||n}).join(\"\")}function c(){return{\";\":\"===\",\",\":\"==\",\".\":\"=\",\"?\":\"z\",\"?\":\"x\",\"{\":\"ja\",\"}\":\"4L\"}}function f(n){return decodeURIComponent(n.replace(/\\+/g,\" \"))}function p(){return{\"?\":\"%\",\"#\":\"%2\",\"[\":\"%A\",\"]\":\"%D\",\"@\":\"0\"}}");
engine.eval("var res = \"\";");
// engine.eval("res = n(d(f(d(i(\"" + datacode + "\"), p())), c()));"); // Throws error
engine.eval("res = d(f(d(i(\"" + datacode + "\"), p())), c());"); // Returns what's fed into function n()
engine.eval("res = n(res);"); // Throws error
decodedLink = (String) engine.get("res");

Using Nashorn instead of Rhino works, but kinda defeats the purpose of targeting one engine throughout an entire project.

Thanks in advance for any suggestions you can provide!
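
What the posted helpers m() and n() compute, rewritten readably as an added example (not code from the original post or from Rhino; the function names are illustrative). It rebuilds the table m() assembles, decodes the way n() does, and lists the characters of the quoted input that fall outside that table.

```javascript
// Added example: readable rewrite of helpers from the posted script.
// Function and variable names are illustrative, not from the post.
const reverse = (s) => s.split("").reverse().join("");

// Mirrors m(): three fragments, each stored reversed in the script.
// The result is the standard Base64 alphabet.
function buildAlphabet() {
  const digits = [];
  for (let k = 0; k < 10; k++) digits.push(k);
  const descending = digits.reverse()
    .map((k) => String.fromCharCode(k + "0".charCodeAt(0))).join("");
  return reverse("jihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA") +
    reverse(descending + "zyxwvutsrqponmlk") +
    reverse("/+");
}

// Mirrors n(): indexOf() returns -1 for a character outside the table, and
// the shifts then turn that into 0xFF-style bytes instead of an error.
function decodeLikeN(input) {
  const table = buildAlphabet() + "=";
  let out = "";
  let pos = 0;
  do {
    const a = table.indexOf(input.charAt(pos++));
    const b = table.indexOf(input.charAt(pos++));
    const c = table.indexOf(input.charAt(pos++));
    const d = table.indexOf(input.charAt(pos++));
    const bits = (a << 18) | (b << 12) | (c << 6) | d;
    const b0 = (bits >> 16) & 255, b1 = (bits >> 8) & 255, b2 = bits & 255;
    out += c === 64 ? String.fromCharCode(b0)
      : d === 64 ? String.fromCharCode(b0, b1)
      : String.fromCharCode(b0, b1, b2);
  } while (pos < input.length);
  return out;
}

// Strict pre-check: characters a conforming Base64 decoder would reject.
function foreignChars(input) {
  const table = buildAlphabet() + "=";
  return [...input].map((ch, idx) => ({ ch, idx }))
    .filter((e) => !table.includes(e.ch));
}

// The string the post quotes as the input to n().
const fromPost = "Ly9jZG4tdDIueGZyYW1lb25saW5lLmNvbS90L?g4M?c?YWM3N?QyNTQ?ZmJiM2JhNTY2OTM0NjVhZjk0L?IyOTk2ODcvdHJhY2tfMS5tcDM=";
console.log(buildAlphabet());
console.log(foreignChars(fromPost).map((e) => e.idx).join(","));
console.log(JSON.stringify(decodeLikeN(fromPost.slice(0, 36))));
```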

@rbri
Collaborator

rbri commented Oct 6, 2019

Hi, funny js code, looks like some script kid likes to hide something :-)

Have done a small test with the provided code from the html file and this works fine here (//cdn-t2.xframeonline.com/t/ac5cc69ea8484dd19e1c9cc5d5897a4aÿò297913/track_1.mp3).

Can you please provide a complete sample (including the Rhino version you are using and the setup code for the engine)?

@rbri
Collaborator

rbri commented Oct 9, 2019

Any update?

@p-bakker
Collaborator

@rbri As it's been 2 years, should we close this issue?

@rbri
Collaborator

rbri commented Jun 29, 2021

Yes, let's close please.
