Unescaped String in HTML - javascript

This Was sent to me in Facebook embedded in a HTML.. i didnt open this since i suspected it. Can anyone please tell me what it does?
Problem Statement : This is was written using document.write(unescape('<something here>');
I unescaped this.
`<script type="text/javascript"> // <![CDATA[
if ( (navigator.userAgent.indexOf('Android') != -1) ) {
document.location = "http://s3.amazonaws.com/video-asntjhwert/s.html";
} // ]]>
</script>
<script language=javascript>
if((navigator.userAgent.match(/iPhone/i)) || (navigator.userAgent.match(/iPod/i)))
{
location.replace("http://s3.amazonaws.com/video-asntjhwert/s.html");
}
</script>
<body>
<script>
if (navigator['userAgent']['indexOf']('Firefox') != -1) {
window['location'] = 'https://s3.amazonaws.com/video-asntjhwert/index.html';
} else {
if (navigator['userAgent']['indexOf']('Facebook Bot') != -1) {
window['location'] = 'http://google.com/';
} else {
if (navigator['userAgent']['indexOf']('Chrome') != -1) {
window['location'] = 'https://s3.amazonaws.com/video-asntjhwert/index.html';
} else {
window['location'] = 'http://s3.amazonaws.com/video-asntjhwert/s.html';
};
};
};
</script>
</body>'));
`

The first part checks which mobile OS You are using Android or iOS,
whereas the second part looks for PC browsers, and there is one thing common between them, its reroutes you to a webpage, hosted potentially on AWS servers and probably is a video, and you can conclude that its mostly an Ad! But be aware it may be a malware in disguise too injected by some one!

Related

Javascript detect language and redirect

I know there are many answers here. I have tried the following codes, but it keep not workings or keep redirect with showing a blank page.
I just want to detect all using Chinese language to go to the page with chinese, others go to English page.
How should I sueccessful do this function in a simple way?
Should i placed the detect code in both chi and eng page? and if the url included the "utm", how to keep this url with url after redirect?
http://www.testing.com/tc/testing.html?utm_source=test
<script type="text/javascript">
var userLang = navigator.language || navigator.userLanguage;
switch(userLang){
case 'zh-CN':
window.location.href = '/tc/testing.html;
break;
case 'zh-TW':
window.location.href = '/tc/testing.html';
break;
case 'zh-HK':
window.location.href = '/tc/testing.html';
break;
default:
// if it's something else fall back to the default
window.location.href = '/tc/testing.html';
break;
}
</script>
Or
<script type='text/javascript'>
var language = window.navigator.language;
if(language == 'zh-CN' || language == 'zh-TW' || language == 'zh-HK')
{
window.location.href = '../tc/testing.html'
}
else {
window.location.href = '../en/testing.html'
}
</script>

Checking a URL in an if/else statement?

I'm trying to check a submitted URL (excluding any additional paths).
The user submitted URL is:
var inputUrl = document.getElementById("inputVal").value;
If the user submits 'http://stackoverflow.com/questions/ask' then I'm trying to create an if/else statement that will determine whether the site is 'stackoverflow.com', regardless of 'http/https' or any '/.../.../' after .com
if (inputUrl == "stackoverflow.com") {
console.log ("stackoverflow");
} else {
console.log("not stackoverflow");
}
Any help would be greatly appreciated.
if(inputUrl.toLowerCase().indexOf("stackoverflow.com") > -1) {
...
}
A little trick to have the browser do most stuff for you (can be found at MDN):
var url = document.createElement('a');
url.href = 'http://stackoverflow.com/questions/ask';
console.log(url.host); // stackoverflow.com
if (url.host == "stackoverflow.com") {
console.log ("stackoverflow");
} else {
console.log("not stackoverflow");
}
The same way you can also access other parts of the URL like protocol or hash.
$("button").on("click",function(){
var inputUrl = document.getElementById("inputVal").value;
inputUrl=inputUrl.split("http://")[1] || inputUrl.split("https://")[1] ;
inputUrl=inputUrl.split("/")[0];
if (inputUrl == "stackoverflow.com") {
console.log ("stackoverflow");
} else {
console.log("not stackoverflow");
}
}) ;
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js"></script>
<input id="inputVal" value="http://stackoverflow.com/questions/ask">
<button>
submit
</button>
jsfiddle Demo : https://jsfiddle.net/geogeorge/h40dvbq6/2/

Excute jquery if url is home page

I need to fire piece of jQuery code only if it is home page.
URL probability are
http://www.example.com
http://www.example.com/
http://www.example.com/default.aspx
How can i run code if it is any of the above url i can use
var currenturl = window.location
but then i have to change this every time i move my code to server as on local host my url is like
http://localhost:90/virtualDir/default.aspx
in asp.net we can get the it using various
HttpContext.Current.Request.Url.AbsolutePath
or
HttpContext.Current.Request.ApplicationPath
I am not sure what are the equivalent in jQuery
reference of asp.net example
UPDATE:
I have taken a simple approach as i could not find other easy way of doing it
var _href = $(location).attr('href').toLowerCase()
var _option1 = 'http://localhost:51407/virtualDir/Default.aspx';
var _option2 = 'http://www.example.com/Default.aspx';
var _option3 = 'http://www.example.com/';
if (_href == _option1.toLowerCase() || _href == _option2.toLowerCase() || _href == _option3.toLowerCase()) {
$(".bar-height").css("min-height", "689px");
// alert('aa');
}
else
{ //alert('bb'); }
Could you only include the script on the page where it's needed? i.e. only use <script type="text/javascript" src="homepage.js"></script> from default.aspx ?
If not, then, as dfsq said - use window.location.pathname .
var page = window.location.pathname;
if(page == '/' || page == '/default.aspx'){
// -- do stuff
}
You could just get the part after the last slash, to account for folder differences...
var page = window.location.toString();
page = page.substring(page.lastIndexOf('/'));
... but this would be true for both example.com/default.aspx and example.com/folder1/default.aspx.
Remember, this Javascript is client-side, so there's no equivalent to the C# example you linked.
You could use my approch to know exactly the page (also with urlrouting) to use it in javascript:
I use the body id to identify the page.
javascript code:
$(document).ready(function () {
if (document.body.id.indexOf('defaultPage') == 0) {
/*do something*/
}
});
Asp.net code:
in masterpage or page (aspx):
...
<body id="<%=BodyId %>">
...
code behind:
private string _bodyId;
public string BodyId
{
get
{
if (string.IsNullOrWhiteSpace(_bodyId))
{
var path = GetRealPagePath().TrimStart('/','~');
int index = path.LastIndexOf('.');
if (index > -1)
{
path = path.Substring(0, index);
}
_bodyId = path.Replace("/", "_").ToLower();
}
return string.Concat(_bodyId,"Page");
}
}
public string GetRealPagePath()
{
string rtn = Request.Path;
if (Page.RouteData != null && Page.RouteData.RouteHandler!= null)
{
try
{
if (Page.RouteData.RouteHandler.GetType() == typeof(PageRouteHandler))
{
rtn=((PageRouteHandler)Page.RouteData.RouteHandler).VirtualPath;
}
else
{
rtn = Page.Request.AppRelativeCurrentExecutionFilePath;
}
}
catch (Exception ex)
{
Logger.Error(string.Format("GetRealPagePath() Request.Path:{0} Page.Request.AppRelativeCurrentExecutionFilePath:{1}", Request.Path, rtn), ex);
}
}
return rtn;
}

Javascript not redirecting

I have searched extensively for the javascript code to redirect to a different page on the same site and in the same folder and I have tried numerous things. I'm unable to get it to work in localhost or on the web-server. This is what I've tried:
<script type="text/javascript">
function confirm_submit()
{
var con = confirm("Submit form and print invoice?");
var url = 'dashboard.php?del=no';
if (con == true) {
document.location.href = url;
/*I have also tried:
window.location = 'dashboard.php?del=no';
window.location.replace("dashboard.php?del=no");
window.location.href = "dashboard.php?del=no";
*/
}
else {
return false;
}
}
</script>
This is the code on the button :
onclick="return(confirm_submit())"
From everything I've read this should work but it is not working. Can someone please tell me why it is not working and what I need to do to make it work? Thank you in advance.
EDIT: I have answered the question below. It's a workaround, but it is doing the job.
this will work without submitting your form
var url = window.location.href;
splitUrl = url.split("/");
splitUrl[splitUrl.length-1]="your page";
url = splitUrl.join("/");
window.location.href = url;
I have spent too much time on this issue so I have decided to go a different route. I'm using javascript to change the value of a hidden field and then using PHP to redirect to the other page as a result of the posted value of the hidden field. Thanks to all who have given their time to this matter on my behalf. Cheers
<script type="text/javascript">
function confirm_submit()
{
var con = confirm("Submit form and print invoice?");
if (con == true) {
document.getElementById('bool').value = true;
$("#edit_workorder").submit();
}
else {
return false;
}
}
</script>
And the PHP is:
if($bool == true) {
header("Location:dashboard.php?del=no");
exit;
}
It's doesn't really answer the question, but it works and that is more important to me right now.

Issues in loading dynamic player through script

I am trying to load a dynamic player according to the browser like activeX plugin for Internet explorer using object tag and vlc plugin for Firefox and Google Chrome using embed tag, so I have tried to include it in the script so that onload it can detect what browser it is and display the player according but unfortunately I'm getting the following error:
Unable to get value of the property 'add': object is null or undefined
Following is my code:
<head>
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"> </script>
<script type="text/javascript">
var client = "FF";
$(document).ready(function(){
checkIE();
startUp();
//startIt();
$(function(){
$("#vlcIE").css({ "width": "400px", "height": "300px" });
});
});
function checkIE() {
var clientCheck = window.navigator.appName;
if (clientCheck == "Microsoft Internet Explorer") {
alert("IE");
client = "IE";
return true;
} else {
alert("FF");
client = "FF";
return false;
}
}
function startIt(){
if(client == "IE"){
playInIE();
}else{
playInOthers();
}
}
function playInOthers() {
alert("playin FF");
var players = document.getElementsByName("video1");
var options = new Array("");
url = "rtsp://184.72.239.149/vod/mp4:BigBuckBunny_115k.mov";
var id = players[0].playlist.add(url, null, options);
players[0].playlist.playItem(id);
alert("playing video");
}
function playInIE() {
alert("play in IE");
var vlc = document.getElementById("vlcIE");
var options = new Array(":aspect-ratio=16:10", "--rtsp-tcp");
//var options=[":ts-csa-ck="+EncryptionkeyValue];
var urlVideofile = "rtsp://184.72.239.149/vod/mp4:BigBuckBunny_115k.mov";
var targetURL = "rtsp://184.72.239.149/vod/mp4:BigBuckBunny_115k.mov";
var itemId = vlc.playlist.add(targetURL, "", options);
var id = vlc.playlist.add(urlVideofile, null, options);
vlc.playlist.playItem(id);
}
function startUp(){
var player;
if (client == "IE") {
player = "<object type='application/x-vlc-plugin' id='vlcIE' width='300' height='225' classid='clsid:9BE31822-FDAD-461B-AD51-BE1D1C159921' ></object>";
} else {
player = "<embed type='application/x-vlc-plugin' pluginspage='http://www.videolan.org' id='vlc' name='video1' autostart='yes' toolbar='false' loop='yes' width='400' height='300' target='rtsp://184.72.239.149/vod/mp4:BigBuckBunny_115k.mov' />";
}
//$("#video_holder").html(player);
document.getElementById("video_holder").innerHTML=player;
}
</script>
</head>
<body>
<div id="video_holder" style="border:1px solid #00FF33"></div>
<button type="button" id="start" onClick="startIt()">Start</button>
</body>
Your calling an function as an variable here:
if (checkIE) {
That should be:
if (checkIE()) {
And you've got to return an value from your checkIE function like this:
function checkIE() {
var client = window.navigator.appName;
if (client == "Microsoft Internet Explorer") {
alert("IE");
playvideos();
return true;
} else {
alert("FF");
hello();
return false;
}
}
( you also had an semicolon ( ; ) at the end of your function. That doesn't belong there either
Also, you maybe wan't to start using javascripts console.log instead of alert. In that way, you're javascript isn't interrupted, but you can see it's path in the console
EDIT 1
You had some more error's in your script. After fixing that, i "worked" for me ( you can check this JSFiddle out to see it "working"
The problem was that you've got this piece of code:
if (checkIE) {
var player = "<object type='application/x-vlc-plugin' id='vlc' width='300' height='225' classid='clsid:9BE31822-FDAD-461B-AD51-BE1D1C159921'></object>";
} else {
var player = "<embed type='application/x-vlc-plugin' pluginspage='http://www.videolan.org' id='vlc' name='video1' autostart='yes' toolbar='true' loop='yes' width='400' height='300'
target='rtsp://184.72.239.149/vod/mp4:BigBuckBunny_115k.mov' />"
}
You've got an newline before target=... that's illegal. You also forgot an semicolon at the end of that line. So here's the working script part:
if (checkIE()) {
var player = "<object type='application/x-vlc-plugin' id='vlc' width='300' height='225' classid='clsid:9BE31822-FDAD-461B-AD51-BE1D1C159921'></object>";
} else {
var player = "<embed type='application/x-vlc-plugin' pluginspage='http://www.videolan.org' id='vlc' name='video1' autostart='yes' toolbar='true' loop='yes' width='400' height='300' target='rtsp://184.72.239.149/vod/mp4:BigBuckBunny_115k.mov' />";
}
I've also changed the alerts to console.log in the fiddle for easier testing
EDIT 2
I've got it sort of working now. You can check the code at THIS PASTEBIN.
Only problem: It isn't playing any video.
EDIT 3
I've tested the IE part, and I found out that the navigator.appname = Netscape.
So in your checkIE function you change the check line to this:
if (clientCheck == "Microsoft Internet Explorer" || clientCheck == "Netscape") {
EDIT 4
Turned out that the browser check was totaly wrong. I've googled a lot and finaly found an working solution. If you check this PASTEBIN out, then you've got an working example.

Categories

Resources