First, there is a syntactic error here:
window.top.location.href = 'http://sendtestewebsite.com;
The closing ' of the string was missing:
window.top.location.href = 'http://sendtestewebsite.com';
Now, let's reformat the code to better understand:
<!doctype html>
<html>
    <head>
        <meta charset="utf-8" />
        <style>
            * { border: 0; margin: 0; outline: 0; padding: 0;}
        </style>
        <title></title>
    </head>
    <body>
        <script type="text/javascript">
            (function (d, w, h) {
                var reverseUrl = '//' + location.host + '/afu.php?zoneid=1209384&var=1209384';
                h.pushState(null, document.title, reverseUrl);
                h.pushState(null, document.title, reverseUrl);
            })(document, window, history);
        </script>
        <script type='text/javascript'>
            if (window.top !== window.self && false) {
                window.top.location.href = 'http://sendtestewebsite.com';
            } else {
                location.href = 'http://sendtestewebsite.com';
            }
        </script>
    </body>
</html>
Let's start with this:
(function (d, w, h) {
    var reverseUrl = '//' + location.host + '/afu.php?zoneid=1209384&var=1209384';
    h.pushState(null, document.title, reverseUrl);
    h.pushState(null, document.title, reverseUrl);
})(document, window, history);
This declares an anonymous function with three parameters and invokes it by passing document to d, window to w, and history to h. That is, it is equivalent to this:
var reverseUrl = '//' + location.host + '/afu.php?zoneid=1209384&var=1209384';
history.pushState(null, document.title, reverseUrl);
history.pushState(null, document.title, reverseUrl);
The w and d are ignored; the function only uses h (which is history). Note that it uses document directly instead of using d.
The name location.host is the name of the site that hosts the page. If you open the browser's expression evaluator here and type location.host, the answer will be pt.stackoverflow.com. Of course, this will depend on where you are hosting this HTML.
history.pushState is used to change the browsing history of the tab in question. The first parameter corresponds to the state of the page (not relevant in this case), the second to its title (but browsers seem to ignore this parameter) and the third is the URL. For example, if you put this in the console:
history.pushState({a: "teste"}, "Testando pushState", "//pt.stackoverflow.com/teste-pushState");
You will see that the page URL in the browser will change to "https://en.stackoverflow.com/teste-pushState" and the old URL will be placed in the history. If you do this twice, both the current and previous URLs will go to that site.
Now, in this section:
if (window.top !== window.self && false) {
    window.top.location.href = 'http://sendtestewebsite.com';
} else {
    location.href = 'http://sendtestewebsite.com';
}
Note the && false. It guarantees that execution will never enter the if and will always fall into the else, which gives this:
location.href = 'http://sendtestewebsite.com';
This will try to send the browser to another very different page.
Now, let us see the malice of it. When the user opens this page, they will be immediately redirected to another one (sendtestewebsite). Clicking the back button (even twice) will land on the page at '/afu.php?zoneid=1209384&var=1209384'. If that page is the very one containing this HTML, the user will be redirected back to sendtestewebsite, getting stuck on that site.
This type of practice is at least suspect, and is probably malicious. Your users will not like this and will feel irritated with your site if you do it. For security reasons, the browser blocks attempts to put into the history entries for sites other than the one being browsed, which is why location.host is used.
This also seems to be the kind of thing that malware automatically places on hacked sites to redirect users to places they would not want to go.
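For site owners who want to check their own pages for the pattern described in this answer, here is a static heuristic in JavaScript (Node). It is an added example, not part of the original answer; the function names, result fields and the host example.test are assumptions, and the second sample page is constructed.

```javascript
// Added example: static heuristic for the back-button trap described above.
// Function names, result fields and the host "example.test" are assumptions.
function inlineScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  const bodies = [];
  let m;
  while ((m = re.exec(html)) !== null) bodies.push(m[1]);
  return bodies;
}

function scanForBackButtonTrap(html, pageHost) {
  const js = inlineScripts(html).join('\n');
  // pushState calls, also through an alias such as h.pushState(...)
  const pushCount = (js.match(/\.\s*pushState\s*\(/g) || []).length;
  // Assignments of a string literal to location / location.href
  const nav = /\blocation(?:\.href)?\s*=\s*['"]([^'"]+)['"]/g;
  const hosts = new Set();
  let m;
  while ((m = nav.exec(js)) !== null) {
    let host;
    try { host = new URL(m[1], 'http://' + pageHost).host; } catch (e) { continue; }
    if (host !== pageHost) hosts.add(host);
  }
  const externalTargets = [...hosts];
  // A constant condition (&& false) that forces one branch, as in the page's script
  const deadBranch = /&&\s*false\b/.test(js);
  return { pushCount, externalTargets, deadBranch,
           suspicious: pushCount >= 2 && externalTargets.length > 0 };
}

// Sample 1: the script discussed in the answer. Sample 2: constructed benign page.
const TRAP_PAGE = `<body>
<script type="text/javascript">
(function (d, w, h) {
  var reverseUrl = '//' + location.host + '/afu.php?zoneid=1209384&var=1209384';
  h.pushState(null, document.title, reverseUrl);
  h.pushState(null, document.title, reverseUrl);
})(document, window, history);
</script>
<script type='text/javascript'>
if (window.top !== window.self && false) {
  window.top.location.href = 'http://sendtestewebsite.com';
} else {
  location.href = 'http://sendtestewebsite.com';
}
</script></body>`;
const BENIGN_PAGE = `<script>history.pushState({page: 2}, '', '/list?page=2');</script>`;

console.log(scanForBackButtonTrap(TRAP_PAGE, 'example.test'));
console.log(scanForBackButtonTrap(BENIGN_PAGE, 'example.test'));
```

A hit is only a lead for manual review: legitimate single-page apps call pushState too, which is why the check requires repeated history entries combined with a hard-coded navigation to another host.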