document.write(unescape
|
Nov. 04, 2010, 01:40 AM
Post: #1
|
|||
|
|||
document.write(unescape
Hi,
More of the sportstream serving sites (like http://www.fromsport.com for example) make heavy use of all kinds of tricks to hide their (sometimes not so nice) code, like countless document.write(unescape javascripts. Should it be hard, or anyone willing to give me a little push on how to create a filter that will still allow the unescape script, but adds a comment after it containing the decoded (unescape) source of the javascript above ? Something like this : Code: <script language='Javascript'>document.write(unescape('%54%6f%72%6f%6e%74%6f%20%4d%61%70%6c%65%20%4c%65%61%66%73%20%76%73%20%57%61%73%68%69%6e%67%74%6f%6e%20%43%61%70%69%74%61%6c%73'));</script> |
|||
Nov. 05, 2010, 12:32 AM
Post: #2
|
|||
|
|||
RE: document.write(unescape
Code: [Patterns] |
|||
Nov. 05, 2010, 04:05 PM
(This post was last modified: Nov. 05, 2010 04:14 PM by Toppy.)
Post: #3
|
|||
|
|||
RE: document.write(unescape
Thanks JJoe,
It doesn't catch the majority of these things like : Code: document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); Don't even know if it's possible to catch exactly what it has to, will probably have to take into account that all those functions start with a ( and end with a ) My limited knowledge hasn't got to handle it perfectly yet, but I'll keep trying. EDIT: Currently I have this, which *seems* to catch all at first sight. Code: [Patterns] Code: <script language='Javascript'>document.write(unescape('%4e%41%53%43%41%52%20%53%70%72%69%6e%74%20%43%75%70'));</script> |
|||
Nov. 05, 2010, 06:40 PM
Post: #4
|
|||
|
|||
RE: document.write(unescape
I don't think the Proxomitron's unescape routine does space (%20), tab (\t %09), return (\r %0d), new line (\n %0a), or non-displayable ASCII characters.
http://www.proxomitron.info/45/help/Matc....html#UESC Code: [Patterns] Checking for "document.write" first should speed up page load by letting the filter fail quicker. Sidki's set does have a converter. "Test Window: Unescape Strings" unescapes most escaped characters in the code added to the Proxomitron's Test Window. |
|||
« Next Oldest | Next Newest »
|