JavaScript Minifier Failed, probably because of ${ - javascript

Getting below error :-
[com.liferay.portal.util.MinifierUtil] JavaScript Minifier failed for merlin.data['buyNow'] = merlin.data['buyNow'] || {} merlin.data['buyNow']['enhancements'] =
Corresponding source code from .jsp is ::
<script>
merlin.data['buyNow'] = merlin.data['buyNow'] || {}
merlin.data['buyNow']['${command.flavorType}'] = ${command.flavorsJSON}
</script>
I verified this code against online Minifier, ${command.flavorsJSON} probably has issue. Replacing this with some else like var1 works fine.
(Used : https://javascript-minifier.com/)

Yes you are right ${command.flavorsJSON} is the problem it should be like this: '${command.flavorsJSON}'. This way the expression Language part ${} will result in a string which then you can parse into an object if you wish

Related

How can I escape a string to ensure that it is a valid string literal in JS source?

I have a Qt application that embeds a web browser (QWebEngineView). I would like to call a javascript function with a string argument from the C++ application. The means of doing this is calling
page()->runJavaScript("setContent(\"hello\");");
This works in simple cases. However, if I try and load, say, a C++ source file and use that as the parameter of setContent, this will break, because I can't simply assemble the string like this:
auto js = QString("setContent(\"%1\");").arg(fileStr);
I tried the following:
fileStr = fileStr.replace('"', "\\\"");
fileStr = fileStr.replace("\n", "\\n");
But apparently this could not escape the string, I get an error when I call this javascript. How can I universally escape a long string with newlines and possible special characters so that I can construct a valid js fragment like this?
So, after some research, I came across QWebChannel which is meant for bi-directional communication between the application and the hosted webpage. The imported qwebchannel.js in the examples can be found here. From there, this is what I did:
In C++:
auto channel = new QWebChannel(this);
page()->setWebChannel(channel);
channel->registerObject("doc", Doc);
In HTML/JS:
new QWebChannel(qt.webChannelTransport,
function(channel) {
var doc = channel.objects.doc; // this is "doc" from the registerObject call
editor.setValue(doc.text);
doc.textChanged.connect(updateText); // textChanged is a signal of the class of doc.
}
);
So, even though this does not directly answer the question, what is presented here can be used to achieve the same effect.

How to decode a JSFuck script?

I have this code in JavaScript:
[(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+
(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+
(!![]+[])[+!+[]]]
In the console, it will return
Array [ "filter" ]
And how can I decode a lot of text that’s similar to the text above? E.g.:
[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+
(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+
([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+
(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+
(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+
(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+
([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+
(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+
(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+
(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+
([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+
(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]
I want to see the plain script.
I have seen many decoding attempts around, but none that work reliably. The easiest way I have found to decode Non Alphanumeric Javascript is with Chrome.
Open Chrome > Go to jsfuck.com > paste the code you would like to decode in the window > hit Run This.
Then open the Console, in the case of your specific code from PasteBin there will be an error:
Uncaught TypeError: Cannot read property 'innerHTML' of null
To the right of the error, click the line number link, and the code will be revealed. The result is:
(function(){
window.false=document.getElementById('sc').innerHTML;
})
Which explains why you get the error trying to just decode it using JSFuck itself. There is no element with the id sc on their site.
You can use this website to decode jsfuck:
http://codertab.com/jsunfuck
UPDATED
I extracted the decode javascript from the URL above, this is how the decode process work: (javascript)
s = source.slice(0, source.length - 2);
txtResult = eval(s);
Hope it help!
let elem = yourJSFuck
function decode(elem) {
return (/\n(.+)/.exec(eval(elem.replace(/\s+/, "").slice(0, -2)))[1]);
}
console.log(decode(elem))
This should work, the source is from this page

I am getting un-terminated string literal for my userextension.js file in Selenium IDE

I've the following code to add in userextensions.js file whenever I add the following piece of code it gives me following error
Failed to load user-extensions.js: Syntax Error: Unterminated String Literal
Selenium.prototype.doInsertCKEditor = function(locator,word)
{
this.doWaitForCondition("var x =
Selenium.browserbot.findElementOrNull('//td[#id=\"cke_contents_form
\"]');x != null;", "50000");
this.doRunScript("CKEDITOR.instances['"+locator+"'].setData('"+word
+"');");
the best way to remove this ever I found it to open your script in some javascript editor I did it in Adobe Dreamweaver and it pin pointed the line where actually the problem is and I resolved this

Encode captured JavaScript code to alert it

I capture the lines of code around JavaScript errors in order to find and fix them much quicker. In my log when I click on the line number I'm trying to make it alert the lines where the error occurred. Here is an example of the current output...
javascript:alert(encode('var clickCycle = 37;
window.onload = function(e)
{
var a = JSON.parse(localStorage.getItem('email_tab'));
try {var a = top.window.location.href;}
catch (err)
{
'));
It's late so I'm not sure if I should be encoding via PHP at the server or just encode it via JavaScript?
I need to make sure that if there are quotes or other code symbols that they appear in the alert() as they do in the code.
For security problem, i think you just encode it at server before response to client. And at client side you don't need encode through on javascript
A string replace did the trick...
<a href="javascript:alert(\'';
$sp = str_ireplace("'","\'",$row1['lines']);
echo htmlspecialchars($sp).'\');" tabindex="3">'.$row1['line'].'</a>

youtube url rel=0 is not working in javascript

youtube url is not working in javascript,why?
where is the mistake in my code:
$(document).ready(function(){
api_images = ['http://www.youtube.com/watchv=OyQoHmcunk&rel=0&fs=0&width=640&height=360'];
api_titles = ['Title 1'];
api_descriptions = ['']
$.prettyPhoto.open(api_images,api_titles,api_descriptions);
});
You're missing the ? that actually separates the path from the query-string:
api_images = ['http://www.youtube.com/watch?v=OyQoHmcunk&rel=0&fs=0&width=640&height=360'];
// ^
Without it, you should be receiving a 404 response, which a decent javascript debugger would've told you. You are using a debugger, right?
Also, depending on the DOCTYPE in use and whether this is from an inline or external <script>, HTML-encoding the &s may either be necessary or another source of issue:
api_images = ['http://www.youtube.com/watch?v=OyQoHmcunk&rel=0&fs=0&width=640&height=360'];
// ^ ^ ^ ^

Categories