I have an obfuscated (p,a,c,k,e,d) function from JavaScript.
string value = #"eval(function(p,a,c,k,e,d)
{while(c--)if(k[c])p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c]);
return p}
('3("3b").3a({39:\"5://1b.1a.19.8:18/38/v.37\",36:\"5://1b.1a.19.8:18/i/35/34/33.32\",31:\"\",30:\"2z\",2y:\"2x\",2w:2v,2u:\"7\",2t:\"2s\",2r:[],2q:{2p:\'#2o\',2n:22,2m:\"2l\",2k:0}});b f;b k=0;b 6=0;3().2j(2(x){a(6>0)k+=x.17-6;6=x.17;a(0!=0&&k>=0){6=-1;3().2i();3().2h(2g);$(\'#2f\').j();$(\'h.g\').j()}});3().2e(2(x){6=-1});3().2d(2(x){16(x)});3().2c(2(){$(\'h.g\').j()});2 16(x){$(\'h.g\').2b();a(f)2a;f=1;$.29(\'5://12.9/15-28/27.15?26=25&24=23&21=20-1z-1y-1x-1w\',2(14){$(\'#1v\').1u(14)})};3().1t(\'1s\',2(){b 13=3().1r();13.1q(\'1p\',2(){11.10(\'z-y\')[0].w[1].1o=\"5://12.9\";11.10(\'z-y\')[0].w[1].1n=\"<u>1m - 1l 1k 1j & 1i</u>\"});a($.c(\'4\')==\"d\"){t.s(\"5://r.q.p/o/7.n\",\"m 9 1h\",e,\"l\")}1g{t.s(\"5://r.q.p/o/d.n\",\"m 9 1f\",e,\"l\")}});2 e(){$.c(\'4\')==\'7\'?4=\'d\':4=\'7\';$.c(\'4\',4);1e.1d.1c()};',36,120,'||function|jwplayer|primaryCookie|http|p02887336|html5||to|if|var|cookie|flash|switchMode|vvplay|video_ad|div||show|tt2887336|button2|Switch|png|images|tv|flashx|static|addButton|this|center||childNodes||featured|jw|getElementsByClassName|document|streamin|container|data|cgi|doPlay|position|8777|213|211|95|reload|location|window|Flash|else|HTML5|Storage|Sharing|Video|Free|Streamin|innerHTML|href|contextmenu|addEventListener|getContainer|ready|on|html|fviews|fb98c55a544241de2464a88086a6b0c9|1486917733|186|182|2887336|hash||2ca0tpqawtre|file_code|view|op|index_dl|bin|get|return|hide|onComplete|onPlay|onSeek|play_limit_box|false|setFullscreen|stop|onTime|backgroundOpacity|Arial|fontFamily|fontSize|FFFFFF|color|captions|tracks|start|startparam|primary|326|height|580|width|2638|duration|skin|jpg|lhl2j9yhfp1s|00085|01|image|mp4|rwi7bsgc5huzcg3h5fpsfen3362uwfp4cyzyo2mavczsvbbx4tnesmwhdteq|file|setup|vplayer'.split('|')))"
I am trying to use jint to interpret and get the value of the above function but when I execute the statement in jint engine it throws an exception for jwplayer is not defined.
I know why the exception is thrown but I only want to get the value of p above. But jint runs the whole function and then ends up with an empty function which doesn't exist and when it tries to run it, an exception is thrown.
I only want it to return the value in a string and it should not run it any further. I have already tried to search it for an answer but so far found nothing.
I am using the code as following:
Jint.Engine jEngine = new Jint.Engine();
var linkString = jEngine.Execute(value).GetCompletionValue().ToString();
var arrayFile = linkString.Split(' ', '\n');
Is something I am missing here? If someone can shed some light on it. That will be much appreciated. Thanks
I think the problem was eval at the start of the packed function. It was running the code after getting the value. So I removed the eval part and now it works as expected.
Related
I have been working on my project where I had to do some updates on my data records. After I finished my update I got an error: SyntaxError: identifier starts immediately after numeric literal and this line of code was below that error in firebug : maxScores.ew-19a = ''
I looked up in my code and I found where is this output coming from, here is the code:
var maxScores = new Object;
<cfoutput query="getRec">maxScores.#LCase(tCode)# = '#maxScore#';</cfoutput>
In my update I had to put - symbol between letter and number, in old data I did not have that so I think that causing the problem here. I was wondering how I can prevent this or if there is any method that I have to put around my output to prevent this? If you know how this can be fixed pleas let me know. Thank you.
ColdFusion will attempt to subtract ew from 19a when you just dump it between to pound signs like that. You will need to use bracket/object notation here. Try this:
<cfoutput query="getRec">
maxScores.#LCase(getRec["tCode"][currentrow])# = '#getRec["maxScore"][currentrow]#';
</cfoutput>
If you want to Lower case something do it in the query. Outputing JS using CF is useful and solves many problems, but you want to keep it as clean as possible to keep your brain from fogging over. :)
Does anyone know of a way to eval a string so that if it (or a function it defines) generates an error, the line and column numbers shown in the stack trace will be offset by an amount specified in advance?
Alternatively, suppose I want to break up a long source string into chunks and evaluate them separately, but still get stack traces that look as though the entire string was evaluated in one go. Is there any way to achieve this effect, except for using empty lines and columns? (I need a browser-based solution, preferably cross-browser, but I can settle for something that works on at least one of the major browsers.)
I don't think is it possible because the underlying mechanism that is assumed working is actually deprecated. For security reasons browsers don't pass the error object to Javascript anymore.
However, since you are working with a custom programming language that gets compiled into Javascript, you know what the structure of the resulting script will be. You could also introduce statement counters in the resulting Javascript, so you can always know what the last thing executed was. Something like:
function(1); function(2);
function(3);
could be translated as:
var __column=0;
var __line=0;
function(1); __column+=12;
function(2); /*__column+=12;*/ __line++; __column=0;
function(3); /*__column+=12;*/ __line++; __column=0;
Where 12 is "function(n);".length.Of course, the resulting code is ugly, but you could enable this behaviour with a debug flag or something.
The best solution I've found so far is to prepend a sourceURL directive to each string before it's eval'ed, giving it a marker in the form of a unique file name in the stack trace. Stack traces are then parsed (using the parser component stacktracejs) and corrected by looking up the line offsets associated with the markers.
var evalCounter = 0;
var lineCounter = 0;
var lineOffsetTable = {};
function myEval(code) {
lineOffsetTable[evalCounter] = lineCounter;
lineCounter += countLines(code);
return eval("//# sourceURL=" + (evalCounter++) + "\n" + code);
}
window.onerror = function(errorMsg, url, lineNumber, column, e) {
var stackFrames = ErrorStackParser.parse(e);
logStackTrace(stackFrames.map(function(f) {
if(f.fileName in lineOffsetTable)
f.lineNumber += lineOffsetTable[f.fileName];
return f;
}));
};
Unfortunately, this only works in Firefox at the moment. Chrome refuses to pass the error object to the onerror callback (a problem which only happens with eval'ed code, strangely enough) and IE ignores the sourceURL directive.
I'm trying to have an if statement. The problem is that I'm trying to grab a url parameter that may or may not be there. When I plug it into my JavaScript it throws an error because sometimes the variable isn't there so the syntax is incorrect. Here's what I mean:
var manual = {module_url,manual};
if(manual)
$('#manual').show();
Now if the url parameter is present the code ends up looking like this:
var manual = true;
if(manual)
$('#manual').show();
If it is not, then the code ends up looking like this:
var manual = ;
if(manual)
$('#manual').show();
That's where my problem lies. It ends up breaking all the JavaScript on the rest of the page. I tried using a try/catch but the problem still happens because of the syntax. Unfortunately, I don't have control of the server aspect so I got to work with what I have.
You can't catch or recover from a syntax error.
The solution in this case is to manipulate the code so that it's valid even if the value inserted by the template is empty.
var manual = ("{module_url,manual}" !== "");
When {module_url,manual} is empty, the above line becomes "" !== "" which evaluates to false.
Over 1 hour on this. This is javascript code inside my index.php file.
function dostuff()
{
var thepath = document.location.search.substring(1);
alert('the path is ' + thepath + " (that's the full path)");
alert(thepath);
// TRIED THESE ALL -- NONE OF THEM WORK.
//var pathLen = String.length("thepath");
//var pathLen = String.length(thepath);
//var pathLen = thepath.length();
var pathLen = String.length(document.location.search.substring(1));
alert('pathLen is ' + pathLen);
}
The symptom: the first 2 alert boxes appear no problem and both show 'thepath' has a valid pathname in it, and it is the correct, expected path too.
But no matter what I try -- see the 4 different attempts, tried one at a time -- the final alert() box NEVER shows up.
Why is alert('pathLen is ' + pathLen) not showing up?
(The other thing is -- I'm using XDEBUG and xampp and Netbeans and the debugger will not let me put a breakpoint in this javascript code, so I can't even step into it to see what's happening, hence the use of the alert()'s in the code. I know the XDEBUG debugger I'm using in Netbeans works -- I've been using it all night to debug PHP code in a different.PHP file. When I set a breakpoint though in any Javascript code, a 'broken breakpoint' icon appears and I cannot find what that means in Netbeans documentation.)
I've never seen that syntax before. You might want to try:
var pathLen = thepath.length;
(You'd be best off debugging with Firebug)
var pathLen = thepath.length;
Length is a property of the string, not a function, so no need for the ().
The length is a property of your string rather than a method.
You should be able to access it via the following:
var pathLen = thepath.length;
When you say the alert box never shows up do you mean it never appears at all? If you're using FF you can open the error console from the Tools menu and clear it then refresh your page. It should highlight any JS errors you have in your code. That's the only reason I know of that the alert wouldn't show at all. (I don't think there is a class method for String.length() which is probably where the error is coming from.)
As for XDebug, as far as I know it's a PHP debugger only I don't think it can debug JS.
pathLen.length
No (). length is a property; if you add the (), it tries to use the value of the property as a function to call, resulting in an exception.
Hey Guys,
Javascript newbie here. I'm trying to modify some existing to code to instead of returning the count of elements, to actually add each of the specified elements to an array/list
here is the original code from Selenium CSS counter
private int getCSSCount(String aCSSLocator){
String jsScript = "var cssMatches = eval_css(\"%s\", window.document);cssMatches.length;";
return Integer.parseInt(selenium.getEval(String.format(jsScript, aCSSLocator)));
}
I then have to convert the code to python, which I am far more familiar with
def count_css_matches(self, css_locator):
java_script_code = '''
var cssMatches = eval_css("%s", window.document);
cssMatches.length;''' % css_locator
return int(self.selenium.get_eval(java_script_code))
But changing the original code to return the array instead of an integer is where I get stuck.
Thanks for the help and the below is the error I get when I tried to run it in Python.
Traceback (most recent call last):
"D:\Temp\1TestingApps\Selenium\SeleniumRC\selenium-python-client-driver-1.0.1\selenium.py", line 1218, in get_eval
return self.get_string("getEval", [script,])
File "D:\Temp\1TestingApps\Selenium\SeleniumRC\selenium-python-client-driver-1.0.1\selenium.py", line 219, in get_string
result = self.do_command(verb, args)
File "D:\Temp\1TestingApps\Selenium\SeleniumRC\selenium-python-client-driver-1.0.1\selenium.py", line 215, in do_command
raise Exception, data
Exception: ERROR: Threw an exception: missing ) after argument list
I'm not sure how eval_css works, but if returns an array of strings into cssMatches, as you can get an string, and not a list, using get_eval, then you should JSONify the list in the JS scope, getting it as an string into python, and using simplejson, converting it to an python's native list.
Something like this, I guess:
import json
def count_css_matches(self, css_locator):
java_script_code = '''
var cssMatches = eval_css("%s", window.document);
JSON.stringify(cssMatches.length);''' % css_locator
return json.loads(self.selenium.get_eval(java_script_code)))
I don't know if you need a return, document.write, or something like that in the js code to get the string. Please add a comment if it's needed, and I'll add it to the code :-)
Good luck!
If you update your python bindings you will have it. pip install -U selenium