Javascript writing Javascript writing Javascript!



  • Found this in the Javascript of a web page: 

    document.write("

        <script language="JavaScript">

        if(typeof(parent.prInst)=='undefined')

        {

            var prInst=1

        }

        else

        {

            prInst=parent.prInst+1

        }

        for(i=0;i<parent.frames.length;i++)

        {

            if(parent.frames[i].title=='prif')

            {

                prInst++

            }

        }

        this.title='prif';

        var prs="http://ads.[adserver].com/PRServe/?pos=s&num="+prInst+"&"+location.search.substring(1)+"&r="+Math.random();

        document.write('<scr'+'ipt language="JavaScript" src="'+prs+'"></scr'+'ipt>');</script>")")

     

    Nah, I'm not actually going to bother starting here. 

    I added the formatting, it was just a big blob.



  • It is the Bad Code, it creates itself... It takes these line, and scatters them through the browser to lead itself back to this place.



  • I see javascript writing javascript alot for add sites.

    Im guessing its a way to bypass some of the add filters.

    Running the script on the website then loading the file externaly.

    Where an ad blocker would cut out the external js file before the page loaded, this loads the js file after the page loaded. 



  • [quote user="plazmo"]

    I see javascript writing javascript alot for add sites.

    Im guessing its a way to bypass some of the add filters.

    Running the script on the website then loading the file externaly.

    Where an ad blocker would cut out the external js file before the page loaded, this loads the js file after the page loaded. 

    [/quote]

     

    That's exactly what this is, without a doubt -- ad filter evasion.  That's the reason for '<scr'+'ipt>'.   The real clever ones will replace some or all of those characters with character entities, e.g. '<scr'+'&#105;pt>'



  • [quote user="merreborn"]

    That's exactly what this is, without a doubt -- ad filter evasion.  That's the reason for '<scr'+'ipt>'.

    [/quote]

    Well I guess that's another advantage of XHTML - no more document.write method. Only DOM.



  • [quote user="merreborn"][quote user="plazmo"]

    I see javascript writing javascript alot for add sites.

    Im guessing its a way to bypass some of the add filters.

    Running the script on the website then loading the file externaly.

    Where an ad blocker would cut out the external js file before the page loaded, this loads the js file after the page loaded. 

    [/quote]

     

    That's exactly what this is, without a doubt -- ad filter evasion.  That's the reason for '<scr'+'ipt>'.   The real clever ones will replace some or all of those characters with character entities, e.g. '<scr'+'&#105;pt>'

    [/quote]

    I've always found that amusing.  By attempting to evade ad filters, they run square into my ad filter, when a simple static image or slow-animated GIF would have come through just fine.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.