Function.toString()(隐性):

function x() {
    alert("Hello World");
}
eval ("x = " + (x + "").replace(
    'Hello World',
    'STACK OVERFLOW BWAHAHA"); x("'));
x();

JavaScript中的时间戳:

// Usual Way
var d = new Date();
timestamp = d.getTime();

// Shorter Way
timestamp = (new Date()).getTime();

// Shortest Way
timestamp = +new Date();

您可以动态地重新定义运行时环境的大部分内容，例如修改Array构造函数或定义undefined。并不是说你应该这样做，但它可以是一个强大的功能。

一种稍微不那么危险的形式是向现有对象添加helper方法。例如，你可以让IE6在数组上“原生”支持indexOf。

可以使用[]而不是。

这允许您查找与变量匹配的属性。

obj = {a:"test"};
var propname = "a";
var b = obj[propname];  // "test"

您还可以使用此命令获取/设置名称不是合法标识符的对象属性。

obj["class"] = "test";  // class is a reserved word; obj.class would be illegal.
obj["two words"] = "test2"; // using dot operator not possible with the space.

有些人不知道这一点，最终像这样使用eval()，这是一个非常糟糕的主意:

var propname = "a";
var a = eval("obj." + propname);

这更难阅读，更难发现错误(不能使用jslint)，执行速度更慢，并可能导致XSS漏洞。

下面是一些有趣的事情:

Comparing NaN with anything (even NaN) is always false, that includes ==, < and >. NaN Stands for Not a Number but if you ask for the type it actually returns a number. Array.sort can take a comparator function and is called by a quicksort-like driver (depends on implementation). Regular expression "constants" can maintain state, like the last thing they matched. Some versions of JavaScript allow you to access $0, $1, $2 members on a regex. null is unlike anything else. It is neither an object, a boolean, a number, a string, nor undefined. It's a bit like an "alternate" undefined. (Note: typeof null == "object") In the outermost context, this yields the otherwise unnameable [Global] object. Declaring a variable with var, instead of just relying on automatic declaration of the variable gives the runtime a real chance of optimizing access to that variable The with construct will destroy such optimzations Variable names can contain Unicode characters. JavaScript regular expressions are not actually regular. They are based on Perl's regexs, and it is possible to construct expressions with lookaheads that take a very, very long time to evaluate. Blocks can be labeled and used as the targets of break. Loops can be labeled and used as the target of continue. Arrays are not sparse. Setting the 1000th element of an otherwise empty array should fill it with undefined. (depends on implementation) if (new Boolean(false)) {...} will execute the {...} block Javascript's regular expression engine's are implementation specific: e.g. it is possible to write "non-portable" regular expressions.

[更新了一点，以回应良好的评论;请参阅评论]

与。

它很少被使用，坦率地说，很少有用……但是，在有限的情况下，它确实有它的用途。

例如:对象字面量对于快速在新对象上设置属性非常方便。但是，如果需要更改现有对象的一半属性，该怎么办呢?

var user = 
{
   fname: 'Rocket', 
   mname: 'Aloysus',
   lname: 'Squirrel', 
   city: 'Fresno', 
   state: 'California'
};

// ...

with (user)
{
   mname = 'J';
   city = 'Frostbite Falls';
   state = 'Minnesota';
}

Alan Storm指出，这可能有点危险:如果用作上下文的对象没有被赋值的属性之一，它将在外部作用域被解析，可能会创建或覆盖一个全局变量。如果你习惯了用默认值或空值未定义的对象编写代码，这是特别危险的:

var user = 
{
   fname: "John",
// mname definition skipped - no middle name
   lname: "Doe"
};

with (user)
{
   mname = "Q"; // creates / modifies global variable "mname"
}

因此，避免使用with语句进行这种赋值可能是一个好主意。

请参见:JavaScript的“with”语句是否有合法用途?