Javascript code

  • extr3m3
  • Novice
  • Novice
  • extr3m3
  • Posts: 20
  • Loc: Bucharest, Romania

Post 3+ Months Ago

I want to know what this code does exactly. Thanks.

Code: [ Select ]
n=navigator.userAgent;
w=n.indexOf("MSIE");
if((w>0)&&(parseInt(n.charAt(w+5))>5)){
T=["object","embed","applet"];
for(j=0;j<2;j++){
E=document.getElementsByTagName(T[j]);
for(i=0;i<E.length;i++){
P=E[i].parentNode;
H=P.innerHTML;
P.removeChild(E[i]);
P.innerHTML=H;
}}}
  1. n=navigator.userAgent;
  2. w=n.indexOf("MSIE");
  3. if((w>0)&&(parseInt(n.charAt(w+5))>5)){
  4. T=["object","embed","applet"];
  5. for(j=0;j<2;j++){
  6. E=document.getElementsByTagName(T[j]);
  7. for(i=0;i<E.length;i++){
  8. P=E[i].parentNode;
  9. H=P.innerHTML;
  10. P.removeChild(E[i]);
  11. P.innerHTML=H;
  12. }}}
  • Anonymous
  • Bot
  • No Avatar
  • Posts: ?
  • Loc: Ozzuland
  • Status: Online

Post 3+ Months Ago

  • UPSGuy
  • Lurker ಠ_ಠ
  • Web Master
  • User avatar
  • Posts: 2733
  • Loc: Nashville, TN

Post 3+ Months Ago

Looks like it strips all object, embed, and applet tags out of a page. The top portion appears to test if a page is IE compatible? Someone else more familiar can confirm that...

Retrieve the user Agent and see if the string "MSIE" appears in it somewhere beyond the fourth character:
Code: [ Select ]
 
   1. n=navigator.userAgent;
   2. w=n.indexOf("MSIE");
   3. if((w>0)&&(parseInt(n.charAt(w+5))>5)){
 
  1.  
  2.    1. n=navigator.userAgent;
  3.    2. w=n.indexOf("MSIE");
  4.    3. if((w>0)&&(parseInt(n.charAt(w+5))>5)){
  5.  


Go through the page 3 times - each time looking for a tag in this array:
Code: [ Select ]
 
   4. T=["object","embed","applet"];
   5. for(j=0;j<2;j++){
   6. E=document.getElementsByTagName(T[j]);
   7. for(i=0;i<E.length;i++){
 
  1.  
  2.    4. T=["object","embed","applet"];
  3.    5. for(j=0;j<2;j++){
  4.    6. E=document.getElementsByTagName(T[j]);
  5.    7. for(i=0;i<E.length;i++){
  6.  

For each one that you find, get a reference to its parent node and remove the child node matching the array element:
Code: [ Select ]
 
   8. P=E[i].parentNode;
   9. H=P.innerHTML;
  10. P.removeChild(E[i]);
  11. P.innerHTML=H;
  12. }}}
 
  1.  
  2.    8. P=E[i].parentNode;
  3.    9. H=P.innerHTML;
  4.   10. P.removeChild(E[i]);
  5.   11. P.innerHTML=H;
  6.   12. }}}
  7.  
  • UPSGuy
  • Lurker ಠ_ಠ
  • Web Master
  • User avatar
  • Posts: 2733
  • Loc: Nashville, TN

Post 3+ Months Ago

Hrmm...not sure what they were trying to accomplish with the userAgent indexOf. My first thought is that they're trying to detect IE, but there are other crawlers/browsers that have 'MSIE' in the userAgent, so they're either doing it wrong, or doing something I haven't seen before.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I'd be curious where/how it's being used. The only reason I can think of for stripping out those tags would be in a form field to prevent malicious use of those tags.
  • UPSGuy
  • Lurker ಠ_ಠ
  • Web Master
  • User avatar
  • Posts: 2733
  • Loc: Nashville, TN

Post 3+ Months Ago

Same here. I could see stripping out tags that IE doesn't support, but that script's going to walk the whole DOM containing the script, so there's got to be some ulterior reason?
  • extr3m3
  • Novice
  • Novice
  • extr3m3
  • Posts: 20
  • Loc: Bucharest, Romania

Post 3+ Months Ago

that was on http://www.fitwlholiday.co.uk .. but w3c said that i have an error so i deleted this thing and the error disapeared. is this javascript really needed? Or i can`t live without it?
  • UPSGuy
  • Lurker ಠ_ಠ
  • Web Master
  • User avatar
  • Posts: 2733
  • Loc: Nashville, TN

Post 3+ Months Ago

You can definitely live without it.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

We actually have a new Security forum. Do a little browsing around in there for starters and refer to the tutorial's section from time to time.

Even though you didn't want to start a new topic for it, I'm moving that part there where it's more appropriate.

viewtopic.php?f=33&t=98100
  • joebert
  • Fart Bubbles
  • Genius
  • User avatar
  • Posts: 13502
  • Loc: Florida

Post 3+ Months Ago

Looks like something related to the activex click to activate deal.

I don't believe the click to activate thing affected IE5 or before, so that would explain why it looks for a version number.

the script doesn't actually remove the element completely, it grabs the innerHTML of the parentNode, which will actually be the element, then it deletes the element and replaces it with the innerHTML afterwards which essentually refreshes the element.

I'm pretty sure that was standard procedure for bypassing click to activate when the click to activate thing first came out.
  • UPSGuy
  • Lurker ಠ_ಠ
  • Web Master
  • User avatar
  • Posts: 2733
  • Loc: Nashville, TN

Post 3+ Months Ago

Ohhh, duh, I missed throwing it back in. Odd, I hadn't seen that before. Heh, neat concept.

Post Information

  • Total Posts in this topic: 10 posts
  • Users browsing this forum: No registered users and 72 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2014. Ozzu® is a registered trademark of Unmelted, LLC.