Arg, scooped! I was working on this <i>exact</i> same thing! :D<p>Since you've beat me to it, let me offer up a couple additional tricks you might want to use. If you want to make this completely independent of browser API's, you can eliminate the dependence on window.location (or atob/btoa as the sla.ckers.org poster did).<p>Trick #1 is to get the letter "S".<p>You can extract this from the source code of the String constructor, but you want to be careful to make this as portable as possible. The ES spec doesn't mandate much about the results of Function.prototype.toString, although it "suggests" that it should be in the form of a FunctionDeclaration. In practice you can count on it starting with [whitespace] "function" [whitespace] [function name]. So how to eliminate the whitespace?<p>For this, we can make use of JS's broken isNaN global function, which coerces its argument to a number before doing its test. It just so happens that whitespace coerces to NaN, whereas alphabetical characters coerce to 0. So isNaN is just the predicate we need to strip out the whitespace characters. So we can reliably get the string "S" from:<p>[].slice.call(String+"").filter(isNaN)[8]<p>Of course, to get isNaN you need the Function("return isNaN")() trick, and you know how the rest of the encoding works.<p>Trick #2 then lets you get any lowercase letter, in particular "p".<p>For this, we can make use of the fact that toString on a number allows you to pick a radix other than 2, 8, 10, or 16. Again, the ES spec doesn't <i>mandate</i> this, but in practice it's widely implemented, and the spec does say that if you implement it its behavior needs to be the proper generalization of the other radices. So we can get things like:<p>(25).toString(26) // "p"<p>(17).toString(18) // "h"<p>(22).toString(23) // "m"<p>and other hard-to-achieve letters.<p>But once you've got "p", you're home free with escape and unescape, as you said in your post.<p>Dave