How to find which [content] script execute the eval code - javascript

Recently In my chrome, every page loads https://s3.amazonaws.com/exthub/e/2/r/US_chrome.js?cached=true and it is really annoying. I want to find which extension added such code snippets. But in the Network panel of Chrome devtools, the Initiator just shown VM***, I could not find which script invoke it even I set some break points in the scripts.
I have a lot of chrome extension, so it was difficult to check echo extension one by one. I also tried to search some keyword like content_scripts,executeScript,amazonaws and so on in %AppData%\..\Local\Google\Chrome\User Data\Default\Extensions, but I still could not find it.
Is there any convenient methods for finding the source script.
The VM*** script is the following.
(() => {
if (document.querySelector('script[data-awssuidacr]') !== null) {
return;
}
const head = document.querySelector('head');
const script = document.createElement('script');
script.type = 'text/javascript';
script.src = 'https://s3.amazonaws.com/exthub/e/2/r/US_chrome.js?cached=true';
script.dataset['awssuidacr'] = 'KMyretRSNnBnMx4zVMxXIXOlCwtj9scH';
head.appendChild(script);
})();

#dorian Thanks for your advice. Now I tried to disable the "YouTube Video Downloader", and the scripts did not show up again.
I did not find the extension by searching some keywords was because I forgot the unpacked extension, they are not in the %AppData%\..\Local\Google\Chrome\User Data\Default\Extensions directory. And I go through the code and find the js code was obfuscated.

Related

Can I use the link given by chrome.runtime.getURL in script.src?

I'm trying but even though it's proper link, the script fails. Why?
script = document.createElement('script')
script.src = chrome.runtime.getURL("my_file_from_extension.js")
console.log(script.src) // proper usable link
document.body.appendChild(script) // GET chrome-extension://invalid/ net::ERR_FAILED
I pasted "my_file_from_extension.js" into manifest's web_accessible_resources and it solved the issue.

Chrome Extension - Javascript loaded but function is not defined when calling it

I thought everything was well with my extension, it was loading the js libraries successfully on most of the domains I've tested my extension on, then I found a few domains where it seemed the libraries wasn't being loaded.
I am using the Google Web Font Loader library, and including it in my contentscript.js, which injects it to the page like this:
// Add Google Webfont Library
var gwebfont = document.createElement("script");
gwebfont.src = "https://ajax.googleapis.com/ajax/libs/webfont/1.6.26/webfont.js";
var callback = function (){
var s = document.createElement('script');
s.type = 'text/javascript';
var code = "WebFont.load({google: { families: ['Open Sans', 'Open Sans:light', 'Open Sans:semi-bold', 'Open Sans:bold'] } });";
try {
s.appendChild(document.createTextNode(code));
shadow.appendChild(s);
} catch (e) {
s.text = code;
shadow.appendChild(s);
}
}
gwebfont.onload = callback;
shadow.appendChild(gwebfont);
Yes, I do have the folder set in web_accessible_resources and the contentscript.js is also running..
On the few domains this doesn't work, it says WebFont is not defined, but on most of the domains I've tested this on, it works without any problem.
When I check in the Network tab in Chrome, I can see the webfont.js was loaded.
Can anyone tell me why only some domains give me the not defined error, when it appears the library was loaded?
I have also tried to run the code again in the console, and on the few domains where it doesn't work, it gives me the same not defined error.
This code doesn't work on hungry.dk, works on stylepit.dk
Here's a snippet of the event
Let me know if u want a closer look at something in here..

Can I Load CSS Using the "load.js" Library?

I recently found out about load.js, but I can't seem to find any indication of whether or not this is possible... (Note: I can't find a 'load.js' tag..)
I've got load.js successfully loading all my JS files, so I know it works. Has anyone got it working for loading CSS files as well?
Update: remyabel's solution worked perfectly for loading the physical files, but it seems there are a few quirks to this process...
For some reason, the order in which the CSS files are loaded and whether they're all done in one load(file1,file2); or in stages with load(file1).then(file2); seems to affect how the style rules are applied to the markup. I'm going to set up a few test cases on my local machine to try work out how or why this happens, but for now at least the files are being loaded.
Final Note:
Following on from the solution posted below, I've decided to use head.appendChild(script); instead of head.insertBefore(script, head.firstChild); to add the CSS elements to the DOM (still uses the original method for JS files).
This doesn't affect the order in which files are fetched and processed, but it makes Load.js insert my CSS links in the same order they were listed and at the end of the header instead of the beginning.
Direct from the source code
function asyncLoadScript(src) {
return function (onload, onerror) {
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = src;
My suggestion is to modify the script (which doesn't seem to contain much) to mirror the function but for a link tag, rather than a script tag.
to reflect OP's comment
The script is built on top of chain.js so it may be more complicated than expected.
Unless you want something else, I'm pretty sure what I wrote above is what you need to change, so it would look like:
function asyncLoadScript(src) {
return function (onload, onerror) {
// Get file extension
var ext = src.split('.').pop();
if (ext == "js")
{
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = src;
} else if (ext == "css")
{
var script = document.createElement('link');
script.type = 'text/css';
script.href = src;
script.rel = "stylesheet";
}
Theoretically that should work. Make another comment if it doesn't work.

How can I run a fallback copy of jQuery after the DOM is loaded?

The following are the first lines of code in a <script> tag just above the closing body tag in my document (it specifies that a locally-served copy of jQuery is run in the event that Google's CDN fails):
if(!window.jQuery){
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = '/js/jquery.js';
var scriptHook = document.getElementsByTagName('script')[0];
scriptHook.parentNode.insertBefore(script, scriptHook);
}
jQuery(document).ready(function($){
// page behaviors
});
It does execute successfully, in the sense that if my computer is not connected to the Internet (this is a locally-served page), the local copy of jQuery is inserted. However, the document.ready() section below does not execute. I'm guessing this is because it is invoked before the fallback copy of jQuery takes effect. What's the proper practice for somehow "delaying" its execution so that either copy of jQuery will work properly?
Consider using an existing script loader such as yepnope. There's an example of exactly what you're trying to do on the home page.
You need to be sure that the script you are appending to the dom has finished loading before calling jQuery. You can do this with the technique described here:
if(!window.jQuery){
var script = document.createElement('script');
script.type = 'text/javascript';
script.src = '/js/jquery.js';
script.onreadystatechange= function () {
if (this.readyState == 'complete') jQueryLoaded();
}
script.onload = jQueryLoaded;
var scriptHook = document.getElementsByTagName('script')[0];
scriptHook.parentNode.insertBefore(script, scriptHook);
}
function jQueryLoaded() { };
You can also fetch the jQuery contents as an Ajax request, create a script tag with those as the body of the script and append it. That would also work.
Try that
<script>window.jQuery || document.write('<script src="js/libs/jquery-1.6.2.min.js"><\/script>')</script>
<script>
jQuery(document).ready(function($){
// page behaviors
});
</script>
This way the script tag will be loaded synchronously.
The question "of how do I cope with my CDN failing and load a file hosted on my server" seems to come up a few times lately.
Question I'd ask is whether adding yet more js is the way to achieve the resilience and what level of resilience do the js approaches really add e.g. if the CDN is down they'll be a quick failure but how well do these approaches if the CDN is slow to respond how well do these solutions cope?
An alternative way to approach this is treat it as an infrastructure problem...
Run a CDN based on a domain/sub-domain you own. Have automated monitoring on it's availability, when it fails switch the DNS over to a backup server (anycast may provide an alternative solution too)
A php solution would be something like this:
$google_jquery = 'https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js';
$fp = #fsockopen($google_jquery, 'r');
if (!$fp)
{
echo '<script type="text/javascript" src="js/jquery.js"></script>';
}
else
{
echo '<script src="'.$google_jquery.'"></script>' }
}

Load javascript via Firebug console

How can I load a javascript file via Firebug console ?
This would be useful in development, so I don't have to modify the html code to load the script.
var script = document.createElement("script");
script.src = "http://whatever.com/js/my/script.js";
document.body.appendChild(script);
A very handy command is include();
include("http://code.jquery.com/jquery-latest.min.js");
Read more about include() command
Just ran into the same problem, and - as jQuery is used in the project anyway - I decided to do a simple:
$.getScript('example.js')
Or:
$.getScript('example.js', function () { doSomethingOnceLoaded(); })
Alternatively, I may code JavaScript directly in Firebug, using the console with the text entry pane on the right side. Activate it with the triangle button in the lower right hand corner.

Categories