Access native JSON object when JSON2 has overloaded it - javascript

I am implementing a bookmarklet which communicates with an iframe through a JSON-RPC protocol.
However some sites, such as cnn.com load JSON2 into window.JSON although the browser already has a native JSON object.
The problem is that within my iframe I would not like to follow the same bad practice, and JSON2 does not seem to be compatible with the native JSON on Mozilla Firefox and Chrome:
So when I run stringify on the native JSON and JSON2, I get the following results:
JSON.stringify({key: "value"})
JSON2
{key:"value"}
Native JSON
{"key":"value"}
(Key is wrapped in ")
The problem is that the native JSON does not like it when the " is missing in the JSON2-produced string and throws an error:
Mozilla Firefox: SyntaxError: JSON.parse: expected property name or '}'
Google Chrome: SyntaxError: Unexpected token k
To solve the problem for good, I need to make sure that I use the same JSON library to encode the string as I do for decoding it.
One way of doing it is to make sure to use JSON2 or JSON3 on both sides, but I'd like to use the native json library where possible.
So now that sites like cnn.com have overridden the native JSON library, how can I get back to it?
I could perhaps create an iframe that points to the same domain and fetch the JSON object from its contentWindow, but that would be highly inefficient.
Isn't there a better way?

not sure if i understand your problem correctly
if you place an empty iframe like this
<iframe id="testFrame" name="testFrame" src="about:blank" style="display:none;"></iframe>
then you can also call from js
testFrame.JSON.stringify(obj);
the only problem is on https: pages, where src could be javascript:false if you need to support IE6
EDIT: I still think i don't deserve the answer being accepted, so i've come up with a modified version of your code
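(function($) {
  // Hidden iframe (as a jQuery set), created on the first call and then kept
  // in the document so later calls can reuse its window.
  var frm;

  /**
   * Pass `callback` the object named `objectName` taken from the window of a
   * hidden iframe, i.e. a copy the host page's scripts have not overwritten.
   *
   * The first call creates the iframe and invokes `callback` once, when the
   * iframe's load event fires. Later calls reuse the cached iframe and invoke
   * `callback` immediately.
   *
   * NOTE(review): this only sidesteps a page that replaced window.JSON (or a
   * similar global). The host page still controls jQuery and the DOM APIs used
   * here, so the returned object is not a trust boundary.
   *
   * @param {string} objectName - property to read from the iframe's window, e.g. "JSON".
   * @param {function(*)} callback - receives the iframe window's `objectName` value.
   */
  $.getNative = function(objectName, callback) {
    if (!frm) {
      frm = $("<iframe>", {
        src: "javascript:false",
        style: "display:none;"
      }).appendTo("body").load(function() {
        callback(this.contentWindow[objectName]);
        // The iframe is deliberately not removed here: it is the cache.
      });
    } else {
      // Only reached on later calls. The original ran this line unconditionally,
      // so the very first call fired `callback` twice (once here, once on load).
      callback(frm[0].contentWindow[objectName]);
    }
  };
})(jQuery);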
this will enable you to use $.getNative() multiple times in a document without recreating the frame each time.

So far the best solution is to use an iframe, but as Crisim Il Numenoreano has pointed out, it should be pointed to about:blank or javascript:false. This seems to work fine so far:
/**
 * Create a throw-away hidden iframe, hand `callback` the object named
 * `objectName` from that iframe's window once it has loaded, then remove the
 * iframe from the document again.
 *
 * @param {string} objectName - property to read from the iframe's window, e.g. "JSON".
 * @param {function(*)} callback - receives the iframe window's `objectName` value.
 */
function getNative(objectName, callback) {
  var frameAttributes = {
    src: "javascript:false",
    style: "display:none;"
  };
  var $frame = $("<iframe>", frameAttributes);

  $frame.appendTo("body").load(function () {
    var frameElement = this;
    callback(frameElement.contentWindow[objectName]);
    // NOTE(review): the iframe is dropped right after the callback returns, so
    // an object the callback keeps outlives the frame it came from — confirm
    // that works in every browser you target.
    $(frameElement).remove();
  });
}
// Usage: ask for the iframe's JSON object and serialise with it instead of
// whatever the host page installed as window.JSON.
getNative("JSON", function (nativeJSON) {
  var encoded = nativeJSON.stringify({key: "value"});
  console.log(encoded);
});
Note that for bookmarklets jQuery must be fetched from reliable sources and protected within a local scope too, since the host page can overwrite a global $ or jQuery just as it overwrote JSON.


How can I decode this obfuscated javascript?

I am in the process of setting up a blog through blogger.com and used a template from veethemes.com to get me started.
However, I noticed that there's an obfuscated script in the template and I'd prefer to know what it does to ensure that nothing untoward or unwanted is being done.
The code is as follows:
var _0x378a=["\x6B\x20\x45\x28\x73\x2C\x6E\x29\x7B\x79\x20\x73\x2E\x77\x28\x2F\x3C\x5C\x2F\x3F\x28\x3F\x21\x53\x5C\x73\x2A\x5C\x2F\x3F\x29\x5B\x61\x2D\x7A\x5D\x5B\x61\x2D\x54\x2D\x39\x5D\x2A\x5B\x5E\x3C\x3E\x5D\x2A\x3E\x2F\x4C\x2C\x22\x22\x29\x2E\x4B\x28\x2F\x5C\x73\x2B\x2F\x29\x2E\x31\x37\x28\x30\x2C\x6E\x2D\x31\x29\x2E\x5A\x28\x27\x20\x27\x29\x7D\x6B\x20\x31\x31\x28\x65\x2C\x74\x2C\x6E\x2C\x68\x2C\x63\x2C\x62\x2C\x71\x29\x7B\x35\x20\x72\x3D\x6A\x2E\x66\x28\x65\x29\x3B\x35\x20\x69\x3D\x6A\x2E\x66\x28\x6E\x29\x3B\x35\x20\x63\x3D\x63\x3B\x35\x20\x62\x3D\x62\x3B\x35\x20\x73\x3D\x22\x22\x3B\x35\x20\x6F\x3D\x72\x2E\x31\x39\x28\x22\x41\x22\x29\x3B\x35\x20\x61\x3D\x58\x3B\x35\x20\x70\x3D\x22\x22\x3B\x35\x20\x31\x36\x3D\x22\x75\x2E\x4D\x28\x57\x2E\x38\x2C\x20\x27\x31\x30\x27\x2C\x20\x27\x31\x32\x3D\x59\x2C\x20\x31\x33\x3D\x31\x34\x2C\x20\x31\x38\x3D\x78\x2C\x20\x31\x35\x3D\x78\x2C\x20\x4F\x2C\x20\x4E\x27\x29\x3B\x20\x79\x20\x50\x3B\x22\x3B\x49\x28\x6F\x2E\x51\x3E\x3D\x31\x29\x7B\x73\x3D\x27\x3C\x33\x20\x36\x3D\x22\x56\x2D\x55\x22\x3E\x3C\x61\x20\x38\x3D\x22\x27\x2B\x74\x2B\x27\x22\x3E\x3C\x41\x20\x36\x3D\x22\x52\x22\x20\x76\x3D\x22\x27\x2B\x6F\x5B\x30\x5D\x2E\x76\x2E\x77\x28\x2F\x73\x5C\x42\x5C\x64\x7B\x32\x2C\x34\x7D\x2F\x2C\x27\x73\x27\x2B\x31\x6F\x29\x2B\x27\x22\x20\x31\x71\x3D\x22\x22\x2F\x3E\x3C\x2F\x61\x3E\x3C\x2F\x33\x3E\x27\x3B\x61\x3D\x31\x73\x7D\x35\x20\x67\x3D\x27\x3C\x33\x20\x36\x3D\x22\x31\x72\x22\x3E\x3C\x33\x20\x36\x3D\x22\x31\x74\x22\x3E\x3C\x33\x20\x36\x3D\x22\x43\x22\x3E\x3C\x37\x20\x36\x3D\x22\x31\x61\x22\x3E\x27\x2B\x62\x2B\x27\x3C\x2F\x37\x3E\x3C\x37\x20\x36\x3D\x22\x31\x70\x22\x3E\x3C\x61\x20\x38\x3D\x22\x27\x2B\x74\x2B\x27\x23\x31\x6D\x22\x3E\x27\x2B\x63\x2B\x27\x3C\x2F\x61\x3E\x3C\x2F\x37\x3E\x3C\x2F\x33\x3E\x3C\x44\x3E\x3C\x61\x20\x38\x3D\x22\x27\x2B\x74\x2B\x27\x22\x3E\x27\x2B\x6E\x2B\x27\x3C\x2F\x61\x3E\x3C\x2F\x44\x3E\x3C\x33\x20\x36\x3D\x22\x43\x20\x31\x66\x22\x3E\x3C\x37\x20\x36\x3D\x22\x71\x22\x3E\x31\x65\x20\x31\x6E\x20\x27\x2B\x71\x2B\x27\x
3C\x2F\x37\x3E\x3C\x37\x20\x36\x3D\x22\x68\x22\x3E\x31\x64\x20\x27\x2B\x68\x2B\x27\x3C\x2F\x37\x3E\x3C\x2F\x33\x3E\x3C\x2F\x33\x3E\x27\x2B\x73\x2B\x27\x3C\x33\x20\x36\x3D\x22\x31\x62\x22\x3E\x3C\x70\x3E\x27\x2B\x45\x28\x72\x2E\x6D\x2C\x61\x29\x2B\x27\x20\x5B\x2E\x2E\x2E\x2E\x2E\x5D\x3C\x2F\x70\x3E\x3C\x2F\x33\x3E\x3C\x2F\x33\x3E\x27\x3B\x72\x2E\x6D\x3D\x67\x7D\x3B\x75\x2E\x31\x63\x3D\x6B\x28\x29\x7B\x35\x20\x65\x3D\x6A\x2E\x66\x28\x22\x31\x67\x22\x29\x3B\x49\x28\x65\x3D\x3D\x31\x68\x29\x7B\x75\x2E\x31\x6C\x2E\x38\x3D\x22\x4A\x3A\x2F\x2F\x46\x2E\x47\x2E\x6C\x22\x7D\x65\x2E\x48\x28\x22\x38\x22\x2C\x22\x4A\x3A\x2F\x2F\x46\x2E\x47\x2E\x6C\x2F\x22\x29\x3B\x65\x2E\x48\x28\x22\x31\x6B\x22\x2C\x22\x31\x6A\x22\x29\x3B\x65\x2E\x6D\x3D\x22\x31\x69\x2E\x6C\x22\x7D","\x7C","\x73\x70\x6C\x69\x74","\x7C\x7C\x7C\x64\x69\x76\x7C\x7C\x76\x61\x72\x7C\x63\x6C\x61\x73\x73\x7C\x73\x70\x61\x6E\x7C\x68\x72\x65\x66\x7C\x7C\x7C\x74\x61\x67\x7C\x63\x6F\x6D\x6D\x65\x6E\x74\x7C\x7C\x7C\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x42\x79\x49\x64\x7C\x7C\x64\x61\x74\x65\x7C\x7C\x64\x6F\x63\x75\x6D\x65\x6E\x74\x7C\x66\x75\x6E\x63\x74\x69\x6F\x6E\x7C\x63\x6F\x6D\x7C\x69\x6E\x6E\x65\x72\x48\x54\x4D\x4C\x7C\x7C\x7C\x7C\x61\x75\x74\x68\x6F\x72\x7C\x7C\x7C\x7C\x77\x69\x6E\x64\x6F\x77\x7C\x73\x72\x63\x7C\x72\x65\x70\x6C\x61\x63\x65\x7C\x32\x34\x7C\x72\x65\x74\x75\x72\x6E\x7C\x7C\x69\x6D\x67\x7C\x7C\x6D\x65\x74\x61\x7C\x68\x32\x7C\x73\x74\x72\x69\x70\x54\x61\x67\x73\x7C\x77\x77\x77\x7C\x76\x65\x65\x74\x68\x65\x6D\x65\x73\x7C\x73\x65\x74\x41\x74\x74\x72\x69\x62\x75\x74\x65\x7C\x69\x66\x7C\x68\x74\x74\x70\x7C\x73\x70\x6C\x69\x74\x7C\x69\x67\x7C\x6F\x70\x65\x6E\x7C\x72\x65\x73\x69\x7A\x61\x62\x6C\x65\x7C\x73\x63\x72\x6F\x6C\x6C\x62\x61\x72\x73\x7C\x66\x61\x6C\x73\x65\x7C\x6C\x65\x6E\x67\x74\x68\x7C\x61\x72\x74\x69\x63\x6C\x65\x5F\x69\x6D\x67\x7C\x62\x72\x7C\x7A\x30\x7C\x6D\x65\x64\x69\x61\x7C\x70\x6F\x73\x74\x7C\x74\x68\x69\x73\x7C\x73\x75\x6D\x6D\x61\x72\x79\x5F\x6E\x6F\x69\x6D\x67\x7C\x35\x35\x30\x7C\x6A\x6F\
x69\x6E\x7C\x77\x69\x6E\x64\x6F\x77\x4E\x61\x6D\x65\x7C\x72\x6D\x7C\x77\x69\x64\x74\x68\x7C\x68\x65\x69\x67\x68\x74\x7C\x36\x30\x30\x7C\x74\x6F\x70\x7C\x70\x6F\x70\x75\x70\x7C\x73\x6C\x69\x63\x65\x7C\x6C\x65\x66\x74\x7C\x67\x65\x74\x45\x6C\x65\x6D\x65\x6E\x74\x73\x42\x79\x54\x61\x67\x4E\x61\x6D\x65\x7C\x61\x72\x74\x69\x63\x6C\x65\x5F\x74\x61\x67\x73\x7C\x61\x72\x74\x69\x63\x6C\x65\x5F\x65\x78\x63\x65\x72\x70\x74\x7C\x6F\x6E\x6C\x6F\x61\x64\x7C\x6F\x6E\x7C\x70\x6F\x73\x74\x65\x64\x7C\x70\x6F\x73\x74\x5F\x6D\x65\x74\x61\x7C\x61\x74\x74\x72\x69\x5F\x62\x75\x74\x69\x6F\x6E\x7C\x6E\x75\x6C\x6C\x7C\x56\x65\x65\x54\x68\x65\x6D\x65\x73\x7C\x64\x6F\x66\x6F\x6C\x6C\x6F\x77\x7C\x72\x65\x6C\x7C\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x7C\x63\x6F\x6D\x6D\x65\x6E\x74\x73\x7C\x62\x79\x7C\x37\x30\x30\x7C\x61\x72\x74\x69\x63\x6C\x65\x5F\x63\x6F\x6D\x6D\x65\x6E\x74\x73\x7C\x73\x74\x79\x6C\x65\x7C\x61\x72\x74\x69\x63\x6C\x65\x5F\x63\x6F\x6E\x74\x61\x69\x6E\x65\x72\x7C\x73\x75\x6D\x6D\x61\x72\x79\x69\x7C\x61\x72\x74\x69\x63\x6C\x65\x5F\x68\x65\x61\x64\x65\x72","","\x66\x72\x6F\x6D\x43\x68\x61\x72\x43\x6F\x64\x65","\x72\x65\x70\x6C\x61\x63\x65","\x5C\x77\x2B","\x5C\x62","\x67"];
// Unpacker stage of a "packed" script. The function below is called with
// (payload, 62, 92, wordList, 0, {}): it replaces every \w+ token in the payload
// with the word-list entry whose base-62 index the token spells, and returns the
// resulting source text. eval() then executes that text.
// Going by the decoded array shown further down this page: _0x378a[0] is the
// payload, _0x378a[3] split on "|" is the word list, and the other entries are
// the helper strings "|", "split", "", "fromCharCode", "replace", "\w+", "\b", "g".
// Substituting the word list into the payload by hand gives:
//   - stripTags(s, n): strips tags with a regex and keeps the first n-1 words;
//   - rm(...): builds the post-summary markup by string concatenation and
//     assigns it to the target element's innerHTML;
//   - window.onload: looks up the element with id "attri_bution"; if it is
//     missing, sets window.location.href to http://www.veethemes.com, otherwise
//     rewrites that element's href, rel ("dofollow") and innerHTML.
// The unpacker itself only does string replacement, so swapping eval for
// console.log prints the unpacked source instead of running it.
eval(function(_0x6c60x1,_0x6c60x2,_0x6c60x3,_0x6c60x4,_0x6c60x5,_0x6c60x6)
{_0x6c60x5=function(_0x6c60x3){return (_0x6c60x3<_0x6c60x2?_0x378a[4]:_0x6c60x5(
parseInt(_0x6c60x3/_0x6c60x2)))+((_0x6c60x3=_0x6c60x3%_0x6c60x2)>35?String[_0x378a[5]]
(_0x6c60x3+29):_0x6c60x3.toString(36))};if(!_0x378a[4][_0x378a[6]]
(/^/,String)){while(_0x6c60x3--){_0x6c60x6[_0x6c60x5(_0x6c60x3)]=_0x6c60x4[_0x6c60x3]||_0x6c60x5(_0x6c60x3)};
_0x6c60x4=[function(_0x6c60x5){return _0x6c60x6[_0x6c60x5]}];_0x6c60x5=function(){return _0x378a[7]};_0x6c60x3=1;};
while(_0x6c60x3--){if(_0x6c60x4[_0x6c60x3])
{_0x6c60x1=_0x6c60x1[_0x378a[6]]( new
RegExp(_0x378a[8]+_0x6c60x5(_0x6c60x3)+_0x378a[8],_0x378a[9]),
_0x6c60x4[_0x6c60x3])}};return _0x6c60x1;}(_0x378a[0],62,92,_0x378a[3]
[_0x378a[2]](_0x378a[1]),0,{}));
I was able to decode the first part using ddecode.com and came up with the following:
var _0x378a=["k E(s,n){y s.w(/<\/?(?!S\s*\/?)[a-z][a-T-9]*[^<>]*>/L,"").K(/\s+/).17(0,n-1).Z(' ')}k 11(e,t,n,h,c,b,q){5 r=j.f(e);5 i=j.f(n);5 c=c;5 b=b;5 s="";5 o=r.19("A");5 a=X;5 p="";5 16="u.M(W.8, '10', '12=Y, 13=14, 18=x, 15=x, O, N'); y P;";I(o.Q>=1){s='<3 6="V-U"><a 8="'+t+'"><A 6="R" v="'+o[0].v.w(/s\B\d{2,4}/,'s'+1o)+'" 1q=""/></a></3>';a=1s}5 g='<3 6="1r"><3 6="1t"><3 6="C"><7 6="1a">'+b+'</7><7 6="1p"><a 8="'+t+'#1m">'+c+'</a></7></3><D><a 8="'+t+'">'+n+'</a></D><3 6="C 1f"><7 6="q">1e 1n '+q+'</7><7 6="h">1d '+h+'</7></3></3>'+s+'<3 6="1b"><p>'+E(r.m,a)+' [.....]</p></3></3>';r.m=g};u.1c=k(){5 e=j.f("1g");I(e==1h){u.1l.8="J://F.G.l"}e.H("8","J://F.G.l/");e.H("1k","1j");e.m="1i.l"}","|","split","|||div||var|class|span|href|||tag|comment|||getElementById||date||document|function|com|innerHTML||||author||||window|src|replace|24|return||img||meta|h2|stripTags|www|veethemes|setAttribute|if|http|split|ig|open|resizable|scrollbars|false|length|article_img|br|z0|media|post|this|summary_noimg|550|join|windowName|rm|width|height|600|top|popup|slice|left|getElementsByTagName|article_tags|article_excerpt|onload|on|posted|post_meta|attri_bution|null|VeeThemes|dofollow|rel|location|comments|by|700|article_comments|style|article_container|summaryi|article_header","","fromCharCode","replace","\w+","\b","g"];
If I remove the script, the site breaks in certain places like Read More no longer cuts off the article on the home page and post headers are no longer visible, etc.
Any help in decoding this or tips on tools that may be available that would help me would be much appreciated.
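Just remove eval in the code and throw it in the developer console: without eval the unpacker only returns the decoded source as a string, so it is printed rather than run. Do this on a blank page (about:blank) rather than on your own blog.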

ActiveXObject Support in jQuery? How is it Possible

This is for Non-IE browsers-
I was working on a requirement which needed a XML file to be parsed. After looking at some options, i ended up finding $.parseXML in jQuery.
It worked fine and i can now read the content of the XML from there. But what surprised me was this-
Definition of $.parseXML is-
/**
 * Parse an XML string into a document (de-minified jQuery source).
 *
 * `e`, `t` and `b` are free names from the surrounding jQuery closure, which is
 * not shown here — presumably window, undefined and jQuery; confirm against the
 * full source.
 *
 * @param {string} n - XML text; anything empty or non-string yields null.
 * @returns {?Document} the parsed document. `b.error("Invalid XML: ...")` is
 *   called first when parsing failed or produced a <parsererror> element.
 */
$.parseXML = function (n) {
  var xmlDoc, parser;

  if (!n || "string" != typeof n) {
    return null;
  }

  try {
    if (e.DOMParser) {
      parser = new DOMParser;
      xmlDoc = parser.parseFromString(n, "text/xml");
    } else {
      // Only evaluated when e.DOMParser is falsy, so a browser that has
      // DOMParser never reaches the ActiveXObject reference.
      xmlDoc = new ActiveXObject("Microsoft.XMLDOM");
      xmlDoc.async = "false";
      xmlDoc.loadXML(n);
    }
  } catch (o) {
    xmlDoc = t;
  }

  var parsedCleanly =
    xmlDoc &&
    xmlDoc.documentElement &&
    !xmlDoc.getElementsByTagName("parsererror").length;
  if (!parsedCleanly) {
    b.error("Invalid XML: " + n);
  }
  return xmlDoc;
}
Now, if you look at the code, the part 'r=new ActiveXObject("Microsoft.XMLDOM")' is what confuses me the most.
Normally, if we try the same thing independently, then the following error is thrown-
ReferenceError: ActiveXObject is not defined
Can someone explain to me how this is made possible in jQuery?
The code inside the function definition is meant for IE only.
The ActiveX code is present as a fallback mechanism in case the browser is IE and doesn't support DOMParser (IE9 supports DOMParser). My guess is that it's still there in case of executing the jQuery code in IE8 and below.

Joomla2.5 framework seems to be interfering with javascript syntax

The below code works perfectly outside of Joomla2.5. as well as in earlier versions of Joomla , but fails when it's within a Joomla2.5 article, or rendered by a Joomla2.5 plugin.
The line in question is this one.
s1.addVariable('playlistfile', 'http://www.myserver.com/playlist.php?s=123&u=789
It returns an XML playlist which the player normally loads and plays as expected, but is the culprit because using a hardcoded file name with an XML extension works properly. I've tried all the usual encoding routines, but with no luck. Is there an approach, or syntax, that will work from within Joomla2.5?
Full Context:
<script type='text/javascript'>
// Legacy SWFObject embed of the player SWF, written into the element named
// 'mediaspace1'. The player, the RTMP streamer and the playlist are all
// referenced over unencrypted http:// or rtmp:// URLs.
var s1 = new SWFObject('http://www.myserver.com/v5.7/player.swf', 'player', '420', '315', '9.0.124', '#FFFFFF');
s1.addParam('allowfullscreen', 'true');
// NOTE(review): 'always' lets the SWF call into this page's JavaScript even when
// the SWF is served from a different domain. If player.swf is same-origin,
// 'sameDomain' is the narrower setting — confirm the player still works with it.
s1.addParam('allowscriptaccess', 'always');
s1.addVariable('streamer', 'rtmp://streaming.myserver.com/');
// The playlist URL carries its own query string (s=...&u=...) as one flashvar value.
s1.addVariable('playlistfile', 'http://www.myserver.com/playlist.php?s=123&u=789');
s1.write('mediaspace1');
</script>
Also, I'm aware that there are newer, and other ways of loading the JW Player, but this is an interim step of converting many, many sites, and some legacy code must be retained.
Among the "usual encoding", have you tried "encodeURIComponent()" while adding the playlistfile variable? Not sure if PHP encoding would accomplish it, but Flash will not handle it correctly otherwise.

Google Chrome Extension - Background.html function question

Is there any way, by adding to this javascript, that I can ignore anything after the .com/ .net/ .org/ etc for tab.url.
So if tab.url = examplesite.com/blabla/blabla.html it will replace tab.url with examplesite.com/ and ignore anything after it.
Here's my background.html script.
<script type="text/javascript">
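// When the toolbar button is clicked, open mysite's index.php in a new tab with
// the selected tab's URL passed as the q parameter.
chrome.browserAction.onClicked.addListener(function(tab) {
  // The callback's `tab` (the selected tab) shadows the listener's argument.
  chrome.tabs.getSelected(null, function(tab) {
    // tab.url is whatever page the user happens to be on, so it must be
    // percent-encoded: otherwise '&', '#' or '=' inside it are read as part of
    // the outer query string, truncating q or injecting extra parameters.
    // NOTE(review): the destination is plain http, so the visited URL travels
    // unencrypted — confirm that is acceptable.
    chrome.tabs.create({
      url: "http://www.mysite.com/index.php?q=" + encodeURIComponent(tab.url)
    });
  });
});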
</script>
Or do I need to program this into mysite to strip the Url? I was wondering if it is possible with Javascript... (not my forte.)
Thank you for any help you may be able to give me.
Unfortunately there is no parseUri function built into javascript but you could build what you're asking for using regular expressions. An example of this can be found here:
http://blog.stevenlevithan.com/archives/parseuri
Also, I've never tried to access it from a Chrome extension, but I suspect you have access to the window.location variable, which is an object that contains the broken-down parts of the current page's url. Try console.log(window.location) and look at the content of the object.

How can I fool a site that looks at the JavaScript object 'navigator' to see that I'm not on Windows?

I am trying to browse a website, however, it only works under Windows and Mac because they use the navigator.platform from JavaScript to find out the architecture I am running on. Of course, they also use the browser's user agent, but that was easy to spoof.
Here is the .js in question: http://pastebin.com/f56fd608d. The code responsible for browser detection is at the top. Is there any way of changing the .js file before the site runs, or something similar, so I can eliminate the check?
Using the JavaScript console yields:
>navigator.platform
Linux i686
Evidently I changed the browser's user agent, but navigator.platform does not seem to take its value from the user agent.
Maybe someone knows how to change the value returned by navigator.platform, because I hate running Windows under VirtualBox to use this site.
EDIT:
This could be of interest because Linux users might be artificially denied access to websites, and can do nothing about it.
// Getter that reports a fixed platform string in place of the browser's own value.
var fakePlatformGetter = function () {
  return "your fake platform";
};

// Install the getter on both the navigator instance and Navigator.prototype,
// using Object.defineProperty where it exists and the legacy __defineGetter__
// API otherwise. This runs in the user's own browser, which is why
// navigator.platform is client-controlled input from a site's point of view.
(function (getter) {
  if (Object.defineProperty) {
    var descriptor = { get: getter };
    Object.defineProperty(navigator, "platform", descriptor);
    Object.defineProperty(Navigator.prototype, "platform", descriptor);
    return;
  }
  if (Object.prototype.__defineGetter__) {
    navigator.__defineGetter__("platform", getter);
    Navigator.prototype.__defineGetter__("platform", getter);
  }
})(fakePlatformGetter);
Since you can't directly set navigator.platform, you will have to be sneaky - create an object that behaves like navigator, replace its platform, then set navigator to it.
// Build a plain object that mirrors navigator, change its platform value, then
// point the global `navigator` name at the copy.
var fake_navigator = {};
// for...in also visits inherited enumerable properties, so values that live on
// navigator's prototype are copied as well.
// NOTE(review): functions are copied as bare references — calls that need the
// real navigator as `this` may fail on the copy; verify.
for (var i in navigator) {
fake_navigator[i] = navigator[i];
}
// Overwrite the copied platform value.
fake_navigator.platform = 'MyOS';
// NOTE(review): depends on the global `navigator` binding being replaceable; the
// author tested only in Chrome — confirm in other browsers.
navigator = fake_navigator;
If you execute this code before the document loads (using GreaseMonkey, an addon or a Chrome extension), then the page will see navigator.platform as "MyOS".
Note: tested only in Chrome.
Provided that the browser you're using supports Object.defineProperty() (it likely does), a more modern way of achieving the same goal is as follows:
// Redefine `platform` as a fixed data property directly on this navigator object.
Object.defineProperty(navigator, 'platform', {
value: 'my custom value',
configurable: true // necessary to change value more than once
});
This allows you to set it to any custom value you want, and it also allows you to change it as many times as you want without needing to reload the page.
For a Mozilla-based browser, GreaseSpot / Code Snippets # Hijacking browser properties demonstrates how it may be done. This code may be injected from a GreaseMonkey script.
about:config - > general.platform.override
Attempting to change this property (at any time) in Firefox yields:
Error: setting a property that has only a getter
Source File: index.html
Line: 1
So I think you will have a hard time.
I'd try to contact the author about obtaining a fix.
