to be clear we are eval'ing some text box contents
okay what's going on
You are just defining a pipeline of functions, and the input gets passed through all of them in order.
We predefine a bunch of common ciphers and encodings for easy access; try rot13 or atbash.
Some functions take additional arguments, which are just specified right after the function. We look at the function's length to see how many. So shift 3 will do you a little Caesar shift by calling input => shift(3, input).
Usually the predefined cipher functions take any number, string, or array of numbers and strings, and return the same; they'll concatenate any adjacent strings in the output, and unwrap the final array if it's length 1.
You can also drop down into raw JavaScript at any time, just surround your code with parentheses. So you can drop a (x => x + x) in the middle of the pipeline. This is lexed naively by counting parentheses, so if your code has an unmatched "(" literal inside it won't work. Consider \x28 or \x29.
If your expression's code specifically starts with
c =>, we'll apply it to each character (and leave other data as-is);
n =>, number;
s =>, string.
replace is String.replaceAll. Quick JavaScript tutorial: A replacement string can use $& for the replaced string, $1 etc. for capture groups; or a replacement function similarly gets the replaced string and capture groups as arguments.
Also, all the functions are dumped into the global scope, so you can use them in the browser console.