How to reverse engineer a hidden js script? - javascript

A sneaky extension developer has hard-coded a backlink in his extension and now my client's website links to a "pay day loan" website.
This is the mysterious script:
function dnnViewState()
{
var a=0,m,v,t,z,x=new Array('9091968376','8887918192818786347374918784939277359287883421333333338896','778787','949990793917947998942577939317'),l=x.length;while(++a<=l){m=x[l-a];
t=z='';
for(v=0;v<m.length;){t+=m.charAt(v++);
if(t.length==2){z+=String.fromCharCode(parseInt(t)+25-l+a);
t='';}}x[l-a]=z;}document.write('<'+x[0]+' '+x[4]+'>.'+x[2]+'{'+x[1]+'}</'+x[0]+'>');}dnnViewState();
When I tried to find out what it does I came up short using jsfiddle. How can I reverse engineer what is happening here?

Just change the function so that it returns instead of document.writes:
return '<' + x[0] + ' ' + x[4] + '>.' + x[2] + '{' + x[1] + '}</' + x[0] + '>';
The result is:
"<style undefined>.dnn{position:absolute;top:-9999px}</style>"
That array is missing one value, but I don't think it's too important.

Here is a jsfiddle of it: http://jsfiddle.net/sB3Se/
It writes:
<style undefined>.dnn{position:absolute;top:-9999px}</style>

I think it should be x[3] instead of x[4]
Before document.write in the code, you can use console.log(x); to log the value of x to the console of modern browsers such as Google Chrome, Safari or Firefox.
As a result, it prints:
["style", "position:absolute;top:-9999px", "dnn", "type='text/css'"]
I think you can figure out the rest by yourself.
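The array can also be decoded statically, without running the extension's script or letting it write to a page. The following is an added example, not code from the original posts: the function names are assumptions, and the off-screen heuristic in `offscreenClasses` (absolute positioning plus a large negative offset) is a triage rule chosen here to surface the class name to search for in the rendered page.

```javascript
// Added example: static decoder for the dnnViewState() array. Nothing from
// the sample is executed and nothing is written to a document.
const ENCODED = [ // copied from the script in the question
  '9091968376',
  '8887918192818786347374918784939277359287883421333333338896',
  '778787',
  '949990793917947998942577939317',
];

// The script walks the array backwards with a = 1..l and adds 25 - l + a to
// every two-digit group. For index i = l - a that shift is simply 25 - i.
function decodeEntries(entries) {
  return entries.map((digits, i) => {
    if (!/^(\d\d)+$/.test(digits)) throw new Error(`entry ${i}: not digit pairs`);
    return digits.match(/\d\d/g)
      .map((pair) => String.fromCharCode(parseInt(pair, 10) + 25 - i))
      .join('');
  });
}

// Rebuild the string document.write would receive. attrIndex is 4 in the
// sample (out of range, hence "undefined"); answer three suggests 3.
function rebuildMarkup(x, attrIndex) {
  return '<' + x[0] + ' ' + x[attrIndex] + '>.' + x[2] + '{' + x[1] + '}</' + x[0] + '>';
}

// Class selectors whose rule pushes the element off-screen (triage heuristic).
function offscreenClasses(markup) {
  const found = [];
  const rule = /\.([\w-]+)\s*\{([^}]*)\}/g;
  for (let m; (m = rule.exec(markup)) !== null;) {
    const body = m[2];
    if (/position\s*:\s*absolute/.test(body) && /(top|left)\s*:\s*-\d{3,}px/.test(body)) {
      found.push(m[1]);
    }
  }
  return found;
}

const parts = decodeEntries(ENCODED);
console.log(parts);
console.log(rebuildMarkup(parts, 4));
console.log(offscreenClasses(rebuildMarkup(parts, 3)));
```

Any element in the served HTML that carries a class reported by `offscreenClasses` is a candidate location for the hidden backlink.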

Related

Adobe Analytics DTM custom script prop not setting

I am trying to show the last time I made a published change and the current library version
I created a data element Global - Example:
return "DTM:" + _satellite.publishDate.split(" ")[0] + "|" + "Adobe:" + s.version;
Then I set a prop to my %Global - Example%.
It doesn't work. So I tried to debug in the console. When I run console.log("DTM:" + _satellite.publishDate.split(" ")[0] + "|" + "Adobe:" + s.version); it works in the console and I get the last publish date and the current version of the library. However, it won't work for some reason in DTM.
Using a Data Element in this case will have an impact on timing.
If you add your code to the Adobe Analytics Custom Code section of a rule or AA Global Code you should be able to set your prop just fine.
s.prop1 = _satellite.publishDate.split(" ")[0] + "|" + "Adobe:" + s.version;
Hope this helps.

how to redirect a page in javascript with passing values to another page

window.location="http://test.rgniyd.com/test1/?q=node/36/"&dept="+ dept +"&bath="+
bat +"&month=+month+"&year="+year+"&semester="+sem";
How do I redirect the page to http://test.rgniyd.com/test1/?q=node/36/ with values in
JavaScript? The above code is not working. Please help, or please suggest how to redirect the page without clearing the session values in JavaScript.
Change your JavaScript as
window.location="http://test.rgniyd.com/test1/?q=node/36/&dept=" + dept + "&bath=" + bat + "&month=" + month + "&year=" + year + "&semester=" + sem;
Because you have misplaced double quotes "
You have messed up (a bit) the string concatenation..
window.location="http://test.rgniyd.com/test1/?q=node/36/&dept="+ dept +"&bath="+
bat +"&month="+month+"&year="+year+"&semester="+sem;

Javascript error when minified

I'm minifying Javascript in production with jsMin.php https://github.com/rgrove/jsmin-php/
Here is the unminified JS code:
function arc(r, p, a) {
return "A" + r + "," + r + " 0 " + +(a > Math.PI) + ",1 " + p;
}
and the minified code:
function arc(r,p,a){return"A"+r+","+r+" 0 "++(a>Math.PI)+",1 "+p;}
When minified, the code throws an 'unexpected identifier' error. If I take the + sign before (a > Math.PI) away, it works okay.
I guess my question has two parts - why is this an error when it's all on one line, and am I changing the way it works by removing the second + sign? It seems to work okay without it, but I didn't write the code so I'm not entirely sure what it's doing.
You shouldn't be getting an "unexpected identifier" error from the minified code you've presented. If you are, it's a bug in the JavaScript engine you're using it with. That was true of the code you posted originally, which was:
function arc(r,p,a){return"A"+r+","+r+" 0 "+ +(a>Math.PI)+",1 "+p;}
// You used to have a space here -----------^
But with the updated code you've posted:
function arc(r,p,a){return"A"+r+","+r+" 0 "++(a>Math.PI)+",1 "+p;}
// No space here anymore -------------------^
...it's a problem, because the ++ is an increment operator (either the prefix [++a] or postfix [a++]). And that would need an identifier (the thing to increment). The ++ just isn't valid in that position (the exact error you get is likely to vary by JavaScript engine).
You can defend the code against the minifier doing this by changing it slightly:
function arc(r, p, a) {
return "A" + r + "," + r + " 0 " + (+(a > Math.PI)) + ",1 " + p;
}
The parens prevent the + and the other + from getting combined into ++. They also make the intent a bit clearer, IMHO.
Re the second part of your question, no, you can't remove that +, it will change how the function works. In particular, a > Math.PI will be true or false, and the + is there to make it a number (1 for true, 0 for false) before it's concatenated to the string. If you remove it, you'll see true or false in the string instead of 1 or 0.
I guess the problem isn't really there, but just before, even if it looks like it's here because the invalid token is function. Try to add ; :
;function arc(r,p,a){return"A"+r+","+r+" 0 "+ +(a>Math.PI)+",1 "+p;};
I'm a little surprised that the minifier did let the ; before the }, though. It's useless.

vb.net window.open

sb.Append("<script language='javascript'>")
sb.Append("window.open('updateRT.aspx?batchno=" + batchno + "&prodcode=" + prodcode + "&maxrunningtime=" + temprunningtime + ",")
sb.Append("top=0, left=0, width=500, height=500, menubar=yes,toolbar=yes,status=1,resizable=yes');")
sb.Append("</script>")
ClientScript.RegisterStartupScript(Me.GetType(), "abc", sb.ToString())
Hi everyone ... above is my vb.net code, with which I am trying to pass the value to another page and at the same time resize the window that will appear ...
I am not sure why or which error I am encountering, and the size of the window still remains the same, which is full screen rather than width = 500 and height = 500.
Can anyone help me out here?
Thank you so much and have a nice day ...
:D
Whoops, had misread your code.
You're supposed to pass in the window specification as the third parameter to window.open - check out http://www.w3schools.com/jsref/met_win_open.asp. Right now, you're passing everything in one parameter, since the comma which is intended to close the first parameter is actually part of a string. Try
sb.Append("window.open('updateRT.aspx?batchno=" + batchno + "&prodcode=" + prodcode + "&maxrunningtime=" + temprunningtime + "', '_blank',")
sb.Append("'top=0, left=0, width=500, height=500, menubar=yes,toolbar=yes,status=1,resizable=yes');")

Problem with type coercion and string concatenation in JavaScript in Greasemonkey script on Firefox

I'm creating a GreaseMonkey script to improve the user interface of the 10k tools Stack Overflow uses. I have encountered an unreproducible and frankly bizarre problem that has confounded me and the others in the JavaScript room on SO Chat. We have yet to find the cause after several lengthy debugging sessions.
The problematic script can be found here. Source - Install
The problem occurs at line 85, the line after the 'vodoo' comment:
return (t + ' (' + +(+f.offensive + +f.spam) + ')');
It might look a little weird, but the + in front of the two variables and the inner bracket is for type coercion, the inner middle + is for addition, and the other ones are for concatenation.
Nothing special, but the observant reader might note that type coercion on the inner bracket is unnecessary, since both are already type coerced to numbers, and type coercing the result is useless when it gets concatenated into a string anyway. Not so! Removing the + breaks the script, causing f.offensive and f.spam to be concatenated instead of added together.
Adding further console.log only makes things more confusing:
console.log(f.offensive + f.spam); // 50
console.log('' + (+f.offensive + +f.spam)); // 5, but returning this yields 50 somehow
console.log('' + (+f.offensive + +f.spam) + ''); // 50
Source: https://chat.stackoverflow.com/transcript/message/203261#203261
The problem is that this is unreproducible - running scripts like
console.log('a' + (+'3' + +'1') + 'b');
in the Firebug console yields the correct result, as does
(function(){
return 'a' + (+'3' + +'1') + 'b';
})();
Even pulling out large chunks of the code and running them in the console does not reproduce this bug:
$('.post-menu a[id^=flag-post-]').each(function(){
var f = {offensive: '4', spam: '1'};
if(f){
$(this).text(function(i, t){
// Vodoo - please do not remove the '+' in front of the inner bracket
return (t + ' (' + +(+f.offensive + +f.spam) + ')');
});
}
});
Tim Stone in the chatroom has reproduction instructions for those who are below 10k.
This bug only appears in Firefox - Chrome does not appear to exhibit this problem, leading me to believe that this may be a problem with either Firefox's JavaScript engine, or the Greasemonkey add-on. Am I right?
I can be found in the JavaScript room if you want more detail and/or want to discuss this.
As part of the userscript's process, a <script> tag is injected into the page with the code retrieved by calling toString() on the function you've defined. Usually this would be fine, but it appears that there's a bug in the javascript engine used by Firefox 3.6.13 that relocates the parentheses in the expression, causing it to be evaluated in a very different way when the toString()-ified function is processed.
To illustrate this problem, we can run the following code in Firebug:
function f() { var a = '', b = '1', c = '2'; return a + '(' + (+b + +c) + ')'; };
f.toString();
This gives us this output:
function f() {
var a = "", b = "1", c = "2";
return a + ("(" + + b + + c + ")");
}
You'll note that the return expression has been modified. The parentheses have been relocated beyond the strings that were previously outside of them, causing the variables b and c to be coerced to strings and concatenated. This gives an unexpected result, since the expected addition never takes place. Unfortunately, this behaviour is present even when using Number() or parseInt() to coerce b and c.
There are several small modifications which change this, but the clearest is simply to save the result of the addition to a variable beforehand:
$(this).text(function(i, t){
var c = +f.offensive + +f.spam;
return (t + ' (' + c + ')');
});
Thankfully, this problem seems to not occur in the Firefox 4 beta, so hopefully this issue has been resolved going forward. Also, Matthew Flaschen has graciously gone ahead and filed a bug report (marked duplicate of 559438) so that the developers are made aware of this issue in either case.
