How to circumvent a "blockadblock" script with a benign adblock friendly substitute? - javascript

A website I interact with employs the following adblock detection script (beautified for readability):
! function(t) {
var e = function(e) {
this._options = {
checkOnLoad: !1,
resetOnEnd: !1,
loopCheckTime: 50,
loopMaxNumber: 5,
baitClass: "pub_300x250 pub_300x250m pub_728x90 text-ad textAd text_ad text_ads text-ads text-ad-links",
baitStyle: "width: 1px !important; height: 1px !important; position: absolute !important; left: -10000px !important; top: -1000px !important;",
debug: !1
}, this._var = {
version: "3.2.1",
bait: null,
checking: !1,
loop: null,
loopNumber: 0,
event: {
detected: [],
notDetected: []
}
}, void 0 !== e && this.setOption(e);
var o = this,
i = function() {
setTimeout(function() {
o._options.checkOnLoad === !0 && (o._options.debug === !0 && o._log("onload->eventCallback", "A check loading is launched"), null === o._var.bait && o._creatBait(), setTimeout(function() {
o.check()
}, 1))
}, 1)
};
void 0 !== t.addEventListener ? t.addEventListener("load", i, !1) : t.attachEvent("onload", i)
};
e.prototype._options = null, e.prototype._var = null, e.prototype._bait = null, e.prototype._log = function(t, e) {
console.log("[BlockAdBlock][" + t + "] " + e)
}, e.prototype.setOption = function(t, e) {
if (void 0 !== e) {
var o = t;
t = {}, t[o] = e
}
for (var i in t) this._options[i] = t[i], this._options.debug === !0 && this._log("setOption", 'The option "' + i + '" he was assigned to "' + t[i] + '"');
return this
}, e.prototype._creatBait = function() {
var e = document.createElement("div");
e.setAttribute("class", this._options.baitClass), e.setAttribute("style", this._options.baitStyle), this._var.bait = t.document.body.appendChild(e), this._var.bait.offsetParent, this._var.bait.offsetHeight, this._var.bait.offsetLeft, this._var.bait.offsetTop, this._var.bait.offsetWidth, this._var.bait.clientHeight, this._var.bait.clientWidth, this._options.debug === !0 && this._log("_creatBait", "Bait has been created")
}, e.prototype._destroyBait = function() {
t.document.body.removeChild(this._var.bait), this._var.bait = null, this._options.debug === !0 && this._log("_destroyBait", "Bait has been removed")
}, e.prototype.check = function(t) {
if (void 0 === t && (t = !0), this._options.debug === !0 && this._log("check", "An audit was requested " + (t === !0 ? "with a" : "without") + " loop"), this._var.checking === !0) return this._options.debug === !0 && this._log("check", "A check was canceled because there is already an ongoing"), !1;
this._var.checking = !0, null === this._var.bait && this._creatBait();
var e = this;
return this._var.loopNumber = 0, t === !0 && (this._var.loop = setInterval(function() {
e._checkBait(t)
}, this._options.loopCheckTime)), setTimeout(function() {
e._checkBait(t)
}, 1), this._options.debug === !0 && this._log("check", "A check is in progress ..."), !0
}, e.prototype._checkBait = function(e) {
var o = !1;
if (null === this._var.bait && this._creatBait(), (null !== t.document.body.getAttribute("abp") || null === this._var.bait.offsetParent || 0 == this._var.bait.offsetHeight || 0 == this._var.bait.offsetLeft || 0 == this._var.bait.offsetTop || 0 == this._var.bait.offsetWidth || 0 == this._var.bait.clientHeight || 0 == this._var.bait.clientWidth) && (o = !0), void 0 !== t.getComputedStyle) {
var i = t.getComputedStyle(this._var.bait, null);
!i || "none" != i.getPropertyValue("display") && "hidden" != i.getPropertyValue("visibility") || (o = !0)
}
this._options.debug === !0 && this._log("_checkBait", "A check (" + (this._var.loopNumber + 1) + "/" + this._options.loopMaxNumber + " ~" + (1 + this._var.loopNumber * this._options.loopCheckTime) + "ms) was conducted and detection is " + (o === !0 ? "positive" : "negative")), e === !0 && (this._var.loopNumber++, this._var.loopNumber >= this._options.loopMaxNumber && this._stopLoop()), o === !0 ? (this._stopLoop(), this._destroyBait(), this.emitEvent(!0), e === !0 && (this._var.checking = !1)) : (null === this._var.loop || e === !1) && (this._destroyBait(), this.emitEvent(!1), e === !0 && (this._var.checking = !1))
}, e.prototype._stopLoop = function(t) {
clearInterval(this._var.loop), this._var.loop = null, this._var.loopNumber = 0, this._options.debug === !0 && this._log("_stopLoop", "A loop has been stopped")
}, e.prototype.emitEvent = function(t) {
this._options.debug === !0 && this._log("emitEvent", "An event with a " + (t === !0 ? "positive" : "negative") + " detection was called");
var e = this._var.event[t === !0 ? "detected" : "notDetected"];
for (var o in e) this._options.debug === !0 && this._log("emitEvent", "Call function " + (parseInt(o) + 1) + "/" + e.length), e.hasOwnProperty(o) && e[o]();
return this._options.resetOnEnd === !0 && this.clearEvent(), this
}, e.prototype.clearEvent = function() {
this._var.event.detected = [], this._var.event.notDetected = [], this._options.debug === !0 && this._log("clearEvent", "The event list has been cleared")
}, e.prototype.on = function(t, e) {
return this._var.event[t === !0 ? "detected" : "notDetected"].push(e), this._options.debug === !0 && this._log("on", 'A type of event "' + (t === !0 ? "detected" : "notDetected") + '" was added'), this
}, e.prototype.onDetected = function(t) {
return this.on(!0, t)
}, e.prototype.onNotDetected = function(t) {
return this.on(!1, t)
}, t.BlockAdBlock = e, void 0 === t.blockAdBlock && (t.blockAdBlock = new e({
checkOnLoad: !0,
resetOnEnd: !0
}))
}(window);
The site design is such that this script cannot be blocked without halting the functionality of the site. I haven't consented to any EULA with this site and I believe I'm well within my rights to tamper with my client side code. I simply wish to circumvent this script with a benign adblock friendly substitute.
Essentially, I'd like to inject a user-defined script that will simulate the adblock notification event and give the server the impression that I have clicked through the following popup notification:
The approach I'd like try for this problem was suggested by #jake-holzinger. He remarked the script might be subverted by forcing the e class prototype to trigger the opposite adblock detection code, i.e. by overwritting e.prototype.onDetected with e.prototype.onNotDetected; although, I assume the same effect can be achieved by flipping the Boolean? As he explains it, this subverted code should be executed prior to the load event, but only after the above default code is run (I could be misinterpreting this part).
As a novice with JavaScript, I find these instructions a bit terse and opaque. In particular, I'm not entirely sure what the control flow is supposed to look like here. It seems like the default blockadblock script should be run (not blocked or replaced), but for some reason this needs to take place before the subverted code? Is the "subverted code" in this case a perfect replica of the blockadblock script, with the only difference being the inverted event names; or Boolean? What does it mean for the subverted code to be run before the load event? Isn't this already the case? Or do I need restructure the code to achieve this effect?

Related

the search bar does not display result

in the home page the search bar doesn't work by entering a keyword it goes into a loop and we don't display the list of search results from the console we display these errors advice to solve the problem, below is the code where we find the error if it helps
we think this is the code related to the problem, we await feedback and suggestions to solve the problem
try {
r.send(i.hasContent && i.data || null)
} catch (e) {
if (o) throw e
}
}, abort: function() {
o && o()
}
}
}), S.ajaxPrefilter(function(e) {
e.crossDomain && (e.contents.script = !1)
}), S.ajaxSetup({
accepts: {
script: "text/javascript, application/javascript, application/ecmascript, application/x-ecmascript"
},
contents: {
script: /\b(?:java|ecma)script\b/
},
converters: {
"text script": function(e) {
return S.globalEval(e), e
}
}
}), S.ajaxPrefilter("script", function(e) {
void 0 === e.cache && (e.cache = !1), e.crossDomain && (e.type = "GET")
}), S.ajaxTransport("script", function(n) {
var r, i;
if (n.crossDomain || n.scriptAttrs) return {
send: function(e, t) {
r = S("<script>").attr(n.scriptAttrs || {}).prop({
charset: n.scriptCharset,
src: n.url
}).on("load error", i = function(e) {
r.remove(), i = null, e && t("error" === e.type ? 404 : 200, e.type)
}), E.head.appendChild(r[0])
},
abort: function() {
i && i()
}
}
});
var Ut, Xt = [],
Vt = /(=)\?(?=&|$)|\?\?/;
S.ajaxSetup({
jsonp: "callback",
jsonpCallback: function() {
var e = Xt.pop() || S.expando + "_" + Ct.guid++;
return this[e] = !0, e
}
}), S.ajaxPrefilter("json jsonp", function(e, t, n) {
var r, i, o, a = !1 !== e.jsonp && (Vt.test(e.url) ? "url" : "string" == typeof e.data && 0 === (e.contentType || "").indexOf("application/x-www-form-urlencoded") && Vt.test(e.data) && "data");
if (a || "jsonp" === e.dataTypes[0]) return r = e.jsonpCallback = m(e.jsonpCallback) ? e.jsonpCallback() : e.jsonpCallback, a ? e[a] = e[a].replace(Vt, "$1" + r) : !1 !== e.jsonp && (e.url += (Et.test(e.url) ? "&" : "?") + e.jsonp + "=" + r), e.converters["script json"] = function() {
return o || S.error(r + " was not called"), o[0]
}, e.dataTypes[0] = "json", i = C[r], C[r] = function() {
o = arguments
}, n.always(function() {
void 0 === i ? S(C).removeProp(r) : C[r] = i, e[r] && (e.jsonpCallback = t.jsonpCallback, Xt.push(r)), o && m(i) && i(o[0]), o = i = void 0
}), "script"
}), v.createHTMLDocument = ((Ut = E.implementation.createHTMLDocument("").body).innerHTML = "<form></form><form></form>", 2 === Ut.childNodes.length), S.parseHTML = function(e, t, n) {
return "string" != typeof e ? [] : ("boolean" == typeof t && (n = t, t = !1), t || (v.createHTMLDocument ? ((r = (t = E.implementation.createHTMLDocument("")).createElement("base")).href = E.location.href, t.head.appendChild(r)) : t = E), o = !n && [], (i = N.exec(e)) ? [t.createElement(i[1])] : (i = xe([e], t, o), o && o.length && S(o).remove(), S.merge([], i.childNodes)));
var r, i, o
}, S.fn.load = function(e, t, n) {
var r, i, o, a = this,
s = e.indexOf(" ");
return -1 < s && (r = yt(e.slice(s)), e = e.slice(0, s)), m(t) ? (n = t, t = void 0) : t && "object" == typeof t && (i = "POST"), 0 < a.length && S.ajax({
url: e,
type: i || "GET",
dataType: "html",
data: t
}).done(function(e) {
o = arguments, a.html(r ? S("<div>").append(S.parseHTML(e)).find(r) : e)
}).always(n && function(e, t) {
a.each(function() {
n.apply(this, o || [e.responseText, t, e])
})
}), this
}, S.expr.pseudos.animated = function(t) {
return S.grep(S.timers, function(e) {
return t === e.elem
}).length
}, S.offset = {
setOffset: function(e, t, n) {
var r, i, o, a, s, u, l = S.css(e, "position"),
c = S(e),
f = {};
"static" === l && (e.style.position = "relative"), s = c.offset(), o = S.css(e, "top"), u = S.css(e, "left"), ("absolute" === l || "fixed" === l) && -1 < (o + u).indexOf("auto") ? (a = (r = c.position()).top, i = r.left) : (a = parseFloat(o) || 0, i = parseFloat(u) || 0), m(t) && (t = t.call(e, n, S.extend({}, s))), null != t.top && (f.top = t.top - s.top + a), null != t.left && (f.left = t.left - s.left + i), "using" in t ? t.using.call(e, f) : c.css(f)
}
}, S.fn.extend({
offset: function(t) {
if (arguments.length) return void 0 === t ? this : this.each(function(e) {
S.offset.setOffset(this, t, e)
});
var e, n, r = this[0];
return r ? r.getClientRects().length ? (e = r.getBoundingClientRect(), n = r.ownerDocument.defaultView, {
top: e.top + n.pageYOffset,
left: e.left + n.pageXOffset
}) : {
top: 0,
left: 0
} : void 0
},
position: function() {
if (this[0]) {
var e, t, n, r = this[0],
i = {
top: 0,
left: 0
};
if ("fixed" === S.css(r, "position")) t = r.getBoundingClientRect();
else {
t = this.offset(), n = r.ownerDocument, e = r.offsetParent || n.documentElement;
while (e && (e === n.body || e === n.documentElement) && "static" === S.css(e, "position")) e = e.parentNode;
e && e !== r && 1 === e.nodeType && ((i = S(e).offset()).top += S.css(e, "borderTopWidth", !0), i.left += S.css(e, "borderLeftWidth", !0))
}
return {
top: t.top - i.top - S.css(r, "marginTop", !0),
left: t.left - i.left - S.css(r, "marginLeft", !0)
}
}
},
offsetParent: function() {
return this.map(function() {
var e = this.offsetParent;
while (e && "static" === S.css(e, "position")) e = e.offsetParent;
return e || re
})
}
}), S.each({
scrollLeft: "pageXOffset",
scrollTop: "pageYOffset"
}, function(t, i) {
var o = "pageYOffset" === i;
S.fn[t] = function(e) {
return B(this, function(e, t, n) {
var r;
if (x(e) ? r = e : 9 === e.nodeType && (r = e.defaultView), void 0 === n) return r ? r[i] : e[t];
r ? r.scrollTo(o ? r.pageXOffset : n, o ? n : r.pageYOffset) : e[t] = n
}, t, e, arguments.length)
}
}), S.each(["top", "left"], function(e, n) {
S.cssHooks[n] = _e(v.pixelPosition, function(e, t) {
if (t) return t = Be(e, n), Pe.test(t) ? S(e).position()[n] + "px" : t
})
}), S.each({
Height: "height",
Width: "width"
}, function(a, s) {
S.each({
padding: "inner" + a,
content: s,
"": "outer" + a
}, function(r, o) {
S.fn[o] = function(e, t) {
var n = arguments.length && (r || "boolean" != typeof e),
i = r || (!0 === e || !0 === t ? "margin" : "border");
return B(this, function(e, t, n) {
var r;
return x(e) ? 0 === o.indexOf("outer") ? e["inner" + a] : e.document.documentElement["client" + a] : 9 === e.nodeType ? (r = e.documentElement, Math.max(e.body["scroll" + a], r["scroll" + a], e.body["offset" + a], r["offset" + a], r["client" + a])) : void 0 === n ? S.css(e, t, i) : S.style(e, t, n, i)
}, s, n ? e : void 0, n)
}
})
}), S.each(["ajaxStart", "ajaxStop", "ajaxComplete", "ajaxError", "ajaxSuccess", "ajaxSend"], function(e, t) {
S.fn[t] = function(e) {
return this.on(t, e)
}
}), S.fn.extend({
bind: function(e, t, n) {
return this.on(e, null, t, n)
},
unbind: function(e, t) {
return this.off(e, null, t)
},
delegate: function(e, t, n, r) {
return this.on(t, e, n, r)
},
undelegate: function(e, t, n) {
return 1 === arguments.length ? this.off(e, "**") : this.off(t, e || "**", n)
},
hover: function(e, t) {
return this.mouseenter(e).mouseleave(t || e)
}
}), S.each("blur focus focusin focusout resize scroll click dblclick mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave change select submit keydown keypress keyup contextmenu".split(" "), function(e, n) {
S.fn[n] = function(e, t) {
return 0 < arguments.length ? this.on(n, null, e, t) : this.trigger(n)
}
});
var Gt = /^[\s\uFEFF\xA0]+|([^\s\uFEFF\xA0])[\s\uFEFF\xA0]+$/g;
S.proxy = function(e, t) {
var n, r, i;
if ("string" == typeof t && (n = e[t], t = e, e = n), m(e)) return r = s.call(arguments, 2), (i = function() {
return e.apply(t || this, r.concat(s.call(arguments)))
}).guid = e.guid = e.guid || S.guid++, i
}, S.holdReady = function(e) {
e ? S.readyWait++ : S.ready(!0)
}, S.isArray = Array.isArray, S.parseJSON = JSON.parse, S.nodeName = A, S.isFunction = m, S.isWindow = x, S.camelCase = X, S.type = w, S.now = Date.now, S.isNumeric = function(e) {
var t = S.type(e);
return ("number" === t || "string" === t) && !isNaN(e - parseFloat(e))
}, S.trim = function(e) {
return null == e ? "" : (e + "").replace(Gt, "$1")
}, "function" == typeof define && define.amd && define("jquery", [], function() {
return S
});
var Yt = C.jQuery,
Qt = C.$;
return S.noConflict = function(e) {
return C.$ === S && (C.$ = Qt), e && C.jQuery === S && (C.jQuery = Yt), S
}, "undefined" == typeof e && (C.jQuery = C.$ = S), S
});
jQuery.noConflict();

Block inline script detecting devtools on edge/chromium

I am running the chromium version of edge, and have installed ublock origin, and I just wondering how I could disable this script from being loaded on a site. either through overrides or ublock origin preferably
<script data-cfasync="false" type="text/javascript">
if (-1 != navigator.userAgent.indexOf("Chrome") || -1 != navigator.userAgent.indexOf("Safari") || -1 != navigator.userAgent.indexOf("MSIE") || -1 != navigator.userAgent.indexOf("coc_coc_browser")) {
var checkStatus, element = new Image;
Object.defineProperty(element, "id", {
get: function() {
throw checkStatus = "on", new Error("Dev tools checker")
}
}), setInterval(function() {
checkStatus = "off", console.dir(element), "on" == checkStatus && (-1 != window.location.href.indexOf("?ep=")) && (window.location.href = window.location.href.split("watching.html")[0])
}, 1e3)
} - 1 != navigator.userAgent.indexOf("Firefox") && window.addEventListener("devtoolschange", e => {
1 == e.detail.isOpen && (-1 != window.location.href.indexOf("?ep=")) && (window.location.href = window.location.href.split("watching.html")[0])
});
! function() {
"use strict";
const i = {
isOpen: !1,
orientation: void 0
},
e = (i, e) => {
window.dispatchEvent(new CustomEvent("devtoolschange", {
detail: {
isOpen: i,
orientation: e
}
}))
};
setInterval(() => {
const n = window.outerWidth - window.innerWidth > 160,
o = window.outerHeight - window.innerHeight > 160,
t = n ? "vertical" : "horizontal";
o && n || !(window.Firebug && window.Firebug.chrome && window.Firebug.chrome.isInitialized || n || o) ? (i.isOpen && e(!1, void 0), i.isOpen = !1, i.orientation = void 0) : (i.isOpen && i.orientation === t || e(!0, t), i.isOpen = !0, i.orientation = t)
}, 500), "undefined" != typeof module && module.exports ? module.exports = i : window.devtools = i
}();
window.addEventListener("devtoolschange", e => {
e.detail.isOpen && (-1 != window.location.href.indexOf("?ep=")) && (window.location.href = window.location.href.split("watching.html")[0])
});
</script>
If it is a separate js file, you can block specific js files to load. Open DevTools -> network tab -> select file and right click -> choose block Request URL.
But if it is loaded on the page, I think this will not be possible. If you choose to disable javascript, then all the script content of the page will not work, which will affect the overall operation of the page.
uBO has some nice tools to stop these.
Have a look at https://github.com/uBlockOrigin/uBlock-issues/wiki/Resources-Library

create a span inside a div dynamically in vuex

I'm using an existing web app created using vue.js. and below is the code.
function () {
var e = this,
t = e.$createElement,
n = e._self._c || t;
return e.message.text && "human" === e.message.type ? n("div", {
staticClass: "message-text"
}, [e._v("\n " + e._s(e.message.text) + "\n")]) : e.message.text && e.shouldRenderAsHtml ? n("div", {
staticClass: "message-text",
domProps: {
innerHTML: e._s(e.botMessageAsHtml)
}
}) : e.message.text && "bot" === e.message.type ? n("div", {
staticClass: "message-text"
}, [e._v("\n " + e._s(e.shouldStripTags ? e.stripTagsFromMessage(e.message.text) : e.message.text) + "\n")]) : e._e()
}
and here is my n function
function l(e, t) {
function n(e, t, n, i) {
console.log(typeof e + "\t" + typeof t + "\t" + typeof n + "\t" + typeof i);
return function () {
if (n in t) {
return function () {
if (i && "object" === He()(e[n])) {
return f()({}, l(t[n], e[n], i), l(e[n], t[n], i));
}
return function () {
if ("object" === He()(e[n])) {
return f()({}, e[n], t[n]);
}
return t[n];
}();
}();
}
return e[n];
}();
}
var i = arguments.length > 2 && void 0 !== arguments[2] && arguments[2];
return k()(e).map(function (r) {
var o = n(e, t, r, i);
return Ke()({}, r, o);
}).reduce(function (e, t) {
return f()({}, e, t);
}, {});
}
The above code basically creates a div tag with class name as message-text, I want to create a span inside this div. I am not at all good with vue.js and the code seems pretty confusing. please help me out in creating a span inside this div.
This looks like a compiled code and minified probably. But if you can't get the uncompiled version I would try and simplify the code as it has a spaghetti if else.
function(){
var e = this,
t = e.$createElement,
n = e._self._c || t,
result;
if(e.message.text && "human" === e.message.type){
result = n("div", {staticClass: "message-text"}, [e._v("\n " + e._s(e.message.text) + "\n")])
}else{
if(e.message.text && e.shouldRenderAsHtml){
result = n("div", {staticClass: "message-text",domProps: {innerHTML: e._s(e.botMessageAsHtml)}})
}else{
if(e.message.text && "bot" === e.message.type){
if(e.shouldStripTags){
result = n("div", {staticClass: "message-text"}, [e._v("\n " + e._s(e.stripTagsFromMessage(e.message.text)) + "\n")])
}else{
result = n("div", {staticClass: "message-text"}, [e._v("\n " + e._s(e.message.text) + "\n")])
}
} else {
result = e._e();
}
}
}
return result;
}
You probably need to look into function n which is taking the arguments "div" as string and css class as object "message-text" with other props like innerHTML...

whatinput.js issues on IE11

IE11 is having issues processing whatinput.js with the following error:
"File: whatinput.js, Line: 38, Column: 9" Object doesn't support property or method 'hasAttribute'
Chrome runs this just fine and the input field we are trying to run this on works perfectly.
Below is the script whatinput.js:
(function (a, b) {
typeof define === "function" && define.amd ? define([], function () {
return b()
}) : typeof exports === "object" ? module.exports = b() : a.whatInput = b()
})(this, function () {
function a(a) {
clearTimeout(p);
c(a);
k = !0;
p = setTimeout(function () {
k = !1
}, 1E3)
}
function b(a) {
k || c(a)
}
function c(a) {
var c = a.keyCode ? a.keyCode : a.which,
b = a.target || a.srcElement,
d = l[a.type];
d === "pointer" && (d = typeof a.pointerType === "number" ? q[a.pointerType] : a.pointerType);
if (h !== d && (i || !h || !(d === "keyboard" && o[c] !== "tab" && j.indexOf(b.nodeName.toLowerCase()) >=
0))) h = d, f.setAttribute("data-whatinput", h), n.indexOf(h) === -1 && n.push(h);
d === "keyboard" && g.indexOf(o[c]) === -1 && o[c] && g.push(o[c])
}
function d(a) {
a = g.indexOf(o[a.keyCode ? a.keyCode : a.which]);
a !== -1 && g.splice(a, 1)
}
var g = [],
f = document.body,
k = !1,
h = null,
j = ["input", "select", "textarea"],
i = f.hasAttribute("data-whatinput-formtyping"),
l = {
keydown: "keyboard",
mousedown: "mouse",
mouseenter: "mouse",
touchstart: "touch",
pointerdown: "pointer",
MSPointerDown: "pointer"
},
n = [],
o = {
9: "tab",
13: "enter",
16: "shift",
27: "esc",
32: "space",
37: "left",
38: "up",
39: "right",
40: "down"
},
q = {
2: "touch",
3: "touch",
4: "mouse"
},
p;
(function () {
var c = "mousedown";
window.PointerEvent ? c = "pointerdown" : window.MSPointerEvent && (c = "MSPointerDown");
f.addEventListener ? (f.addEventListener(c, b), f.addEventListener("mouseenter", b), "ontouchstart" in document.documentElement && f.addEventListener("touchstart", a), f.addEventListener("keydown", b), f.addEventListener("keyup", d)) : (f.attachEvent(c, b), f.attachEvent("mouseenter", b), "ontouchstart" in document.documentElement && f.attachEvent("touchstart",
a), f.attachEvent("keydown", b), f.attachEvent("keyup", d))
})();
return {
ask: function () {
return h
},
keys: function () {
return g
},
types: function () {
return n
},
set: c
}
});
Has anyone run across this issue before? if so what actions have been taken to correct.

Is this malicious javascript being served from a google server? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 6 years ago.
Improve this question
I like to look at the javascript that is running as I do my web browsing. Today I found what appears to be malicious tracking JS with a flash exploit being served from a google server. It's located in a directory for a JS framework. It's not the main CDN, but I still find it strange and possibly alarming.(keep in mind, I'm a JS novice)
It appears to be by "g u ng go', which after some googling seems to be a shady marketing firm IMO.
Here's the code(warning its really long):
var _gunggo = _gunggo || {};
_gunggo.settings = _gunggo.settings || {}, _gunggo.lib = _gunggo.lib || {},
_gunggo.lib.attEvt = function(e, t, n, i) {
if ("undefined" != typeof e.addEventListener) return void e.addEventListener(
t, n, i);
if ("undefined" != typeof e.attachEvent) return void e.attachEvent("on" +
t, n);
if (t = "on" + t, "function" == typeof e[t]) {
var r = e[t];
e[t] = function() {
return r(), n()
}
} else e[t] = n
}, _gunggo.lib.detEvt = function(e, t, n, i) {
e.removeEventListener && e.removeEventListener(t, n, i), e.detachEvent &&
e.detachEvent("on" + t, n)
}, _gunggo.lib.attOnce = function(e, t, n) {
_gunggo.lib.attEvt(e, t, function() {
_gunggo.lib.detEvt(e, t, arguments.callee), n()
})
}, _gunggo.lib.rc = function(e) {
for (var t = e + "=", n = document.cookie.split(";"), i = 0; i < n.length; i++) {
for (var r = n[i];
" " == r.charAt(0);) r = r.substring(1, r.length);
if (0 == r.indexOf(t)) return r.substring(t.length, r.length)
}
return null
}, _gunggo.lib.sct = function(e, t, n, i) {
document.cookie = e + "=" + t + (n ? ";expires=" + n : "") + (i ?
";domain=." + i : "") + ";path=/"
}, _gunggo.lib.sch = function(e, t, n, i) {
if (n) {
var r = new Date;
r.setTime(r.getTime() + 60 * n * 60 * 1e3), r = r.toGMTString()
} else r = "";
_gunggo.lib.sct(e, t, r, i)
}, _gunggo.lib.saveFreq = function(e, t, n) {
try {
if (!e.freqcap) return;
var i = _gunggo.lib.rc(t) || 0,
r = new Date;
0 == i ? (r.setTime(r.getTime() + 60 * e.freqcap.duration * 60 *
1e3), r = r.toGMTString()) : (r = i.split("|")[1], i = i.split(
"|")[0]), "session" == e.freqcap.duration ? r = null : null,
i = parseInt(i) + 1 + "|", i += r ? r : new Date, _gunggo.lib.sct(
t, i, r, n)
} catch (o) {
_gunggo.settings.debug && console.log(
"check _gunggo.settings from " + arguments.callee + ": " +
o)
}
}, _gunggo.lib.passFreqCap = function(e, t) {
try {
var n = _gunggo.lib.rc(t);
return n ? n.split("|")[0] < e.freqcap.frequency ? !0 : !1 : !0
} catch (i) {
_gunggo.settings.debug && console.log(
"check _gunggo.settings from " + arguments.callee + ": " +
i)
}
}, _gunggo.lib.saveActiveViews = function(e, t, n) {
if (e.activeViews) {
var i = _gunggo.lib.rc(t) || 0;
_gunggo.lib.sch(t, parseInt(i) + 1, null, n)
}
}, _gunggo.lib.passActiveViews = function(e, t) {
try {
var n = _gunggo.lib.rc(t) || 0;
return _gunggo.lib.log("ActiveViews: " + n), n > e.activeViews
} catch (i) {
_gunggo.lib.log("check _gunggo.settings from " + arguments.callee +
": " + i)
}
}, _gunggo.lib.passBrowser = function(e) {
try {
for (var t = !1, n = 0; n < e.browser.length; n++)
if (_gunggo.lib.log(e.browser[n]), e.browser[n] == _gunggo.browser
.agent) {
t = !0;
break
}
return "inclusive" == e.browserTarget && t ? !0 : "exclusive" != e.browserTarget ||
t ? !1 : !0
} catch (i) {
_gunggo.lib.log("check _gunggo.settings from " + arguments.callee +
": " + i)
}
}, _gunggo.lib.passOS = function(e) {
try {
for (var t = !1, n = 0; n < e.os.length; n++)
if (_gunggo.lib.log(e.os[n]), e.os[n] == _gunggo.browser.OS) {
t = !0;
break
}
return "inclusive" == e.ostarget && t ? !0 : "exclusive" != e.ostarget ||
t ? !1 : !0
} catch (i) {
_gunggo.lib.log("check _gunggo.settings from " + arguments.callee +
": " + i)
}
}, _gunggo.lib.dynInsert = function(e, t, n, i) {
var r = document.createElement("javascript" == e ? "script" : "link");
r.type = "text/" + e, "javascript" == e ? (r.src = t, i && _gunggo.lib.attEvt(
r, "load", i)) : (r.href = t, r.rel = "stylesheet"), n ? r.async = !
0 : null;
var o = document.getElementsByTagName("script")[0];
o.parentNode.insertBefore(r, o)
}, _gunggo.lib.insertCss = function(e, t) {
_gunggo.lib.dynInsert("css", e, t)
}, _gunggo.lib.insertScript = function(e, t, n) {
_gunggo.lib.dynInsert("javascript", e, t, n)
}, _gunggo.lib.log = function(e) {
_gunggo.settings.debug ? console.log(e) : null
}, _gunggo.lib.jsonp = function(e, t, n) {
_gunggo.lib.insertScript(e + t, n)
}, _gunggo.lib.passGeo = function(e, t) {
var n = _gunggo.lib.rc("_g.geo");
return n ? _gunggo.lib.passGeoTestAux(t, n) : e ? void _gunggo.lib.sch(
"_g.geo", e.countryShortName, 720) : void _gunggo.lib.jsonp(
"http://directrev.cloudapp.net/Webservice/GetVisitorCountryForJson?jsoncallback=",
"_gunggo.lib.passGeo", !0)
}, _gunggo.lib.passGeoTestAux = function(e, t) {
try {
var n = e.countries,
i = !1;
for (var r in n) n[r].toUpperCase() == t.toUpperCase() && (i = !0);
return "exclusive" == e.geotarget && i ? !1 : "exclusive" != e.geotarget ||
i ? "inclusive" == e.geotarget && i ? !0 : !1 : !0
} catch (o) {
_gunggo.settings.debug && console.log("check _gunggo.settings: " +
o)
}
}, _gunggo.lib.getSiteIDByGeo = function(e, t) {
var n = _gunggo.lib.rc("_g.geo");
n || _gunggo.lib.jsonp(
"http://directrev.cloudapp.net/Webservice/GetVisitorCountryForJson?jsoncallback=",
"_gunggo.lib.passGeo", !0);
var r = e.price;
for (i = 0; i < r.length; i++) {
var o = r[i];
for (j = 0; j < o.geo.length; j++) n == o.geo[j] && (t = o.id,
_gunggo.lib.log("SiteID changed to " + o.id +
", country is " + n))
}
return t
}, _gunggo.browser = {
init: function() {
this.agent = this.searchString(this.dataBrowser) ||
"An unknown browser", this.version = this.searchVersion(
navigator.userAgent) || this.searchVersion(navigator.appVersion) ||
"an unknown version", this.OS = this.searchString(this.dataOS) ||
"an unknown OS"
},
searchString: function(e) {
for (var t = 0; t < e.length; t++) {
var n = e[t].str,
i = e[t].prop;
if (this.versionSearchString = e[t].versionSearch || e[t].id,
n) {
if (-1 != n.indexOf(e[t].subStr)) return e[t].id
} else if (i) return e[t].id
}
},
searchVersion: function(e) {
var t = e.indexOf(this.versionSearchString);
if (-1 != t) return parseFloat(e.substr(t + this.versionSearchString
.length + 1))
},
isMobile: function() {
return
/(android|bb\d+|meego).+mobile|avantgo|bada\/|blackberry|blazer|compal|elaine|fennec|hiptop|iemobile|ip(hone|od)|iris|kindle|lge |maemo|midp|mmp|netfront|opera m(ob|in)i|palm( os)?|phone|p(ixi|re)\/|plucker|pocket|psp|series(4|6)0|symbian|treo|up\.(browser|link)|vodafone|wap|windows (ce|phone)|xda|xiino|android|ipad|playbook|silk/i
.test(navigator.userAgent || navigator.vendor || window.opera) ||
/1207|6310|6590|3gso|4thp|50[1-6]i|770s|802s|a wa|abac|ac(er|oo|s\-)|ai(ko|rn)|al(av|ca|co)|amoi|an(ex|ny|yw)|aptu|ar(ch|go)|as(te|us)|attw|au(di|\-m|r |s )|avan|be(ck|ll|nq)|bi(lb|rd)|bl(ac|az)|br(e|v)w|bumb|bw\-(n|u)|c55\/|capi|ccwa|cdm\-|cell|chtm|cldc|cmd\-|co(mp|nd)|craw|da(it|ll|ng)|dbte|dc\-s|devi|dica|dmob|do(c|p)o|ds(12|\-d)|el(49|ai)|em(l2|ul)|er(ic|k0)|esl8|ez([4-7]0|os|wa|ze)|fetc|fly(\-|_)|g1 u|g560|gene|gf\-5|g\-mo|go(\.w|od)|gr(ad|un)|haie|hcit|hd\-(m|p|t)|hei\-|hi(pt|ta)|hp( i|ip)|hs\-c|ht(c(\-| |_|a|g|p|s|t)|tp)|hu(aw|tc)|i\-(20|go|ma)|i230|iac( |\-|\/)|ibro|idea|ig01|ikom|im1k|inno|ipaq|iris|ja(t|v)a|jbro|jemu|jigs|kddi|keji|kgt( |\/)|klon|kpt |kwc\-|kyo(c|k)|le(no|xi)|lg( g|\/(k|l|u)|50|54|\-[a-w])|libw|lynx|m1\-w|m3ga|m50\/|ma(te|ui|xo)|mc(01|21|ca)|m\-cr|me(rc|ri)|mi(o8|oa|ts)|mmef|mo(01|02|bi|de|do|t(\-| |o|v)|zz)|mt(50|p1|v )|mwbp|mywa|n10[0-2]|n20[2-3]|n30(0|2)|n50(0|2|5)|n7(0(0|1)|10)|ne((c|m)\-|on|tf|wf|wg|wt)|nok(6|i)|nzph|o2im|op(ti|wv)|oran|owg1|p800|pan(a|d|t)|pdxg|pg(13|\-([1-8]|c))|phil|pire|pl(ay|uc)|pn\-2|po(ck|rt|se)|prox|psio|pt\-g|qa\-a|qc(07|12|21|32|60|\-[2-7]|i\-)|qtek|r380|r600|raks|rim9|ro(ve|zo)|s55\/|sa(ge|ma|mm|ms|ny|va)|sc(01|h\-|oo|p\-)|sdk\/|se(c(\-|0|1)|47|mc|nd|ri)|sgh\-|shar|sie(\-|m)|sk\-0|sl(45|id)|sm(al|ar|b3|it|t5)|so(ft|ny)|sp(01|h\-|v\-|v )|sy(01|mb)|t2(18|50)|t6(00|10|18)|ta(gt|lk)|tcl\-|tdg\-|tel(i|m)|tim\-|t\-mo|to(pl|sh)|ts(70|m\-|m3|m5)|tx\-9|up(\.b|g1|si)|utst|v400|v750|veri|vi(rg|te)|vk(40|5[0-3]|\-v)|vm40|voda|vulc|vx(52|53|60|61|70|80|81|83|85|98)|w3c(\-| )|webc|whit|wi(g |nc|nw)|wmlb|wonu|x700|yas\-|your|zeto|zte\-/i
.test((navigator.userAgent || navigator.vendor || window.opera)
.substr(0, 4))
},
dataBrowser: [{
str: navigator.userAgent,
subStr: "Chrome",
id: "Chrome"
}, {
str: navigator.userAgent,
subStr: "OmniWeb",
versionSearch: "OmniWeb/",
id: "OmniWeb"
}, {
str: navigator.vendor,
subStr: "Apple",
id: "Safari",
versionSearch: "Version"
}, {
prop: window.opera,
id: "Opera",
versionSearch: "Version"
}, {
str: navigator.vendor,
subStr: "iCab",
id: "iCab"
}, {
str: navigator.vendor,
subStr: "KDE",
id: "Konqueror"
}, {
str: navigator.userAgent,
subStr: "Firefox",
id: "Firefox"
}, {
str: navigator.vendor,
subStr: "Camino",
id: "Camino"
}, {
str: navigator.userAgent,
subStr: "Netscape",
id: "Netscape"
}, {
str: navigator.userAgent,
subStr: "MSIE",
id: "Explorer",
versionSearch: "MSIE"
}, {
str: navigator.userAgent,
subStr: "Trident",
id: "Explorer",
versionSearch: "Trident"
}, {
str: navigator.userAgent,
subStr: "Gecko",
id: "Mozilla",
versionSearch: "rv"
}, {
str: navigator.userAgent,
subStr: "Mozilla",
id: "Netscape",
versionSearch: "Mozilla"
}],
dataOS: [{
str: navigator.platform,
subStr: "Win",
id: "Windows"
}, {
str: navigator.platform,
subStr: "Mac",
id: "Mac"
}, {
str: navigator.userAgent,
subStr: "iPhone",
id: "iPhone/iPod"
}, {
str: navigator.userAgent,
subStr: "iPad",
id: "iPad"
}, {
str: navigator.platform,
subStr: "Linux",
id: "Linux"
}, {
str: navigator.userAgent,
subStr: "android",
id: "Android"
}]
}, _gunggo.browser.init(), _gunggo.trace = {
time: []
}, _gunggo.trace.warn = function(e) {
var t = new Date;
this.time.push(t);
var n = null;
this.time.length > 1 && (n = "From last point: " + (this.time[this.time
.length - 1].getTime() - this.time[this.time.length - 2]
.getTime()) + "ms"), _gunggo.settings.debug && console.log(e, t
.getFullYear() + "-" + t.getMonth() + "-" + t.getDate() + " " +
t.getHours() + ":" + t.getMinutes() + ":" + t.getSeconds() +
":" + t.getMilliseconds(), n)
};
! function() {
var e = document,
t = _gunggo,
a = t.browser,
o = t.lib,
r = t.pop = t.pop || {
placeHolder: function(e) {
t.pop.trigger(e)
}
},
i = "//ad.directrev.com",
s = t.settings.pop = t.settings.pop || {};
s.kw = s.kw || "", s.ref = s.ref || "", s.type = s.type || "popunder", s.infinite =
s.premium || s.infinite || "", "undefined" == typeof a.flash && (a.flash = !
!navigator.mimeTypes["application/x-shockwave-flash"]), t.settings.detection &&
blockAdBlock.on(!0, function() {
i = "//www.iamfine.pw"
}), e.evtL = e.evtL || {}, e._attEvt || (e._attEvt = e.addEventListener,
e.addEventListener = function(t, a, n) {
e._attEvt(t, a, n), e.evtL[t] || (e.evtL[t] = []), e.evtL[t].push(
a)
}), e._detEvt || (e._detEvt = e.removeEventListener, e.removeEventListener =
function(t, a, n) {
e._detEvt(t, a, n);
var o = e.evtL[t];
o && o.length > 0 && o.splice(o.indexOf(a), 1)
}), o.attEvt(e, "mousedown", r.placeHolder, 1), o.attEvt(e, "click",
r.placeHolder, 1), o.attEvt(e, "touchstart", r.placeHolder, 1), (s.geotarget ||
s.price) && o.passGeo(), r.enableFlashHack = 0, r.url = function() {
var e = navigator,
a = screen;
return i + "/RealMedia/ads/adstream_sx.ads/" + t.settings.siteID +
"/1" + 1e17 * Math.random() + "#x10?uln=" + (e.language ? e.language :
e.userLanguage).toLowerCase() + "&je=" + e.javaEnabled() +
"&ce=" + e.cookieEnabled + "&sr=" + a.width + "x" + a.height +
"&kw=" + s.kw + "&ref=" + s.ref
}, r.lock = function(e) {
e = e || window.event;
var t = e.target || e.srcElement;
t = t && t.tagName ? t.tagName.toUpperCase() : 0, e.cancelBubble =
1, e.preventDefault && e.preventDefault(), e.stopImmediatePropagation &&
e.stopImmediatePropagation(), e.stopPropagation && e.stopPropagation(),
e.stop && e.stop()
}, r.evtSrc = function(e) {
e = e || window.event;
var t = e.target || e.srcElement;
return t && t.tagName ? t.tagName.toUpperCase() : 0
}, o.passClickDelay = function(e) {
return e = s || e, e.clickDelay > 0 ? (o.log("Number of clicks: " +
e.clickDelay), e.clickDelay--, !1) : !0
}, r.trigger = function(n) {
o.log("pop type: " + s.type);
var i = t.settings;
o.saveActiveViews(s, "_g.pop.views"), o.saveActiveViews = function() {};
try {
if (t.trace.warn("user " + n.type), r.pause) return;
if (o.rc("_g.pop.swap") == self.location.pathname) return void o
.attEvt(window, "beforeunload", function() {
o.sch("_g.pop.swap", "", -1)
});
if ("Chrome" != a.agent && "mousedown" == n.type || "Firefox" ==
a.agent && 2 == n.button) return;
if (s.ostarget && !o.passOS(s)) return;
if (s.mobileOnly && !a.isMobile()) return;
if (s.browserTarget && !o.passBrowser(s)) return;
if (s.freqcap && !o.passFreqCap(s, "_g.pop")) return;
if (s.activeViews && !o.passActiveViews(s, "_g.pop.views"))
return;
if (s.geotarget && !o.passGeo(null, s)) return;
if (s.price && (i.siteID = o.getSiteIDByGeo(s, i.siteID)),
function(e) {
return e === document ? 0 : e.className && e.className.toUpperCase()
.split(" ").indexOf("_SKIP") >= 0 ? 1 : arguments.callee(
e.parentNode)
}(n.target)) return void o.log("_skip detected", n);
if (s.clickDelay && !o.passClickDelay()) return;
t.trace.warn("pass checks", n), i.debug && 0 !== s.mode && (s.mode =
s.mode || 10), s.mode = !i.debug && (s.mode < 10 && 0 !==
s.mode || "undefined" == typeof s.mode) ? 10 : s.mode,
s.infinite && (s.mode = s.infinite), o.log("mode: " + s.mode)
} catch (l) {
return void o.log(l)
}
r.enableFlashHack && e.evtL[n.type].filter(function(e) {
return e != r.placeHolder
}).length > 0 && r.lock(n), "tab" == s.type && "Chrome" == a.agent ?
(r.botClick(r.url()), r.pause = 1, setTimeout(r.clear, 1)) : r.enableFlashHack &&
r.swf.PercentLoaded && r.swf.PercentLoaded() > 0 && "HTML" != n
.target.tagName.toUpperCase && "OBJECT" != n.target.tagName.toUpperCase ?
0 == n.button && (r.swf.style.width = r.swf.style.height =
"100%", setTimeout(function() {
r.swf.style.width = r.swf.style.height = "1px"
}, 500)) : r.clickHandler(n)
}, window.g367CB268B1094004A3689751E7AC568F = {}, window.g367CB268B1094004A3689751E7AC568F
.ExternalChromePop = r.clickHandler = function(e) {
e = e || window.event, r.pause = 1, t.trace.warn("new window");
var i = screen,
l = s.width || i.width,
c = s.height || i.height,
p = a.agent,
d = "tab" == s.type ? "" : "width=" + l + ",height=" + c +
",top=" + (i.height - c) / 2 + ",left=" + (i.width - l) / 2 +
",resizable=no,scrollbars=yes,toolbar=no,location=no,directories=no,status=no,menubar=no,copyhistory=no";
if ("swaptab" != s.type) n = open(r.url(), "_blank", d);
else {
if (u = function(e) {
return e == document ? self.location : "A" == e.tagName
.toUpperCase() ? e.href : arguments.callee(e.parentNode)
}(e.target), !u) return;
o.sch("_g.pop.swap", self.location.pathname), n = open(u,
"_blank", ""), self.location = r.url()
}
var f = setInterval(function() {
r.closeOnEmpty(n, f)
}, 500);
setTimeout(function() {
r.clear(n)
}, 1), "popup" != s.type && ("Firefox" == p && n.window.open(
"about:blank").close(), "Explorer" == p && (n.blur(), n
.opener.focus()))
}, r.closeOnEmpty = function(e, t) {
if (o.rc("NoAd")) try {
e.close(), o.sct("NoAd", "",
"Thu, 01 Jan 1970 00:00:01 GMT"), clearInterval(t)
} catch (a) {}
}, r.clear = function(a) {
if (!a) return void o.log("fail to create new window");
t.trace.warn("clean up"), r.pause = 1;
var n = r.swf;
s.mode >= 0 && o.saveFreq(s, "_g.pop", s.domain ? s.domain : null),
s.infinite && (s.mode = s.infinite), s.mode <= 0 ? (o.detEvt(e,
"click", r.placeHolder, 1), o.detEvt(e, "mousedown", r.placeHolder,
1), o.detEvt(e, "touchstart", r.placeHolder, 1),
setTimeout(function() {
n && e.body.removeChild(n)
}, 200)) : setTimeout(function() {
s.mode = r.pause = 0, r.swf.style.visibility = "", t.trace
.warn("reopen start")
}, 1e3 * s.mode), n && (n.style.visibility = "hidden", n.style.width =
n.style.height = "1px")
}, r.botClick = function(t) {
var a = e.createElement("a"),
n = e.createEvent("MouseEvents");
a.href = t, n.initMouseEvent("click", !1, !0, window, 0, 0, 0, 0, 0, !
0, !1, !1, !0, 0, null), a.dispatchEvent(n)
}, r.flash = function() {
o.log("body loaded");
var t = HTMLElement.prototype,
a = e.createElement("param"),
n = e.createElement("object");
t.attr = t.setAttribute, a.attr("name", "allowscriptaccess"), a.attr(
"value", "always"), n.appendChild(a), a = e.createElement(
"param"), a.attr("name", "wmode"), a.attr("value",
"transparent"), n.appendChild(a), a = e.createElement(
"param"), a.attr("name", "allowfullscreen"), a.attr("value",
"true"), n.appendChild(a), n.attr("data",
"//az413505.vo.msecnd.net/images/pu.swf"), n.attr("style",
"position:fixed;width:1px;height:1px;z-index:999999;overflow:hidden;left:0px"
), e.body.insertBefore(n, e.body.firstChild), r.swf = n, e.removeEventListener(
"DOMContentLoaded", r.flash)
}, r.init = function() {
try {
o.detEvt(e, "mousedown", _gunggo.pop.open, 1), o.detEvt(e,
"click", _gunggo.pop.open, 1)
} catch (t) {}
}, r.clkPop = r.trigger, a.flash && "popunder" == s.type && "Chrome" ==
a.agent && "Mac" != a.OS && top.location == self.location && (e.body ?
r.flash() : e.addEventListener("DOMContentLoaded", r.flash), r.enableFlashHack =
1);
if (a.isMobile() && a.agent == "Safari") document.onclick = function() {
window.open(r.url(), "_blank")
};
}();
This is from a torrent site. Is this something that I should inform google about or something? The file is called bin.js and it has a query string attched to the end of s = 0007778. This shouldn't be hosted on a googleapis.com subdomain, should it?
It appears to check for a vulnerable browser and download a presumably malicious SWF file. I downloaded the SWF but I don't know how to effectively analyze it.

Categories

Resources