Strange encoding

Luc wrote:
[...]

Is it a strange character set ? an obfuscation ? both ?

It's obfuscation. The author is trying to prevent you from reading the
source, which I've included at the end, because it's pretty meaty.

I suppose it *might* be an attempt to compress the script --- the
unobfuscated output is much larger than the input --- but doing that in
Javascript is a total waste of time; you're far better off just using a
gzip transport. You get better compression and you don't need the kind of
crap in the script.

Incidentally, if you're tempted to obfuscate your scripts --- don't. You
can't stop people from reading your scripts. At all. There's no point even
trying. All you'll do is make your code more brittle and prone to bugs.

There is one other reason why people try and obfuscate their scripts; it's a
(mostly futile) attempt to work around browser security. Some web proxies
examine the web pages an attempt to remove scripts they think are
malicious. It's much harder for them, of course, to decipher the above.

Incidentally, I decoded it by cut-and-pasting into the js command-line
Javascript interpreter. It took maybe thirty seconds, most of which were
spent in working out where the line breaks were. I then fed it to indent to
pretty-print it. (I haven't got it quite right; I think I may have missed a
couple of characters in the cut-and-paste. But at least it's readable.)

---script follows---
function navigation(navButton, enabledAlt, disabledAlt)
{
this.linkObj = topNav.document.getElementById(navButton);
this.linkObj.onclick = this.navClick;
this.enabled = true;
this.enabledAlt = enabledAlt;
this.disabledAlt = disabledAlt;
this.linkObj.enabledImage = this.linkObj.firstChild.src;
varstart =
this.linkObj.firstChild.src.substring(0,
this.linkObj.firstChild.
src.indexOf(this.linkObj.
id.
toLowerCase
()));
varend =
this.linkObj.firstChild.src.substring(this.linkObj .firstChild.
src.indexOf(this.linkObj.
id.
toLowerCase
()),
this.linkObj.firstChild.
src.length);
this.linkObj.disabledImage = start + 'grey' + end;
this.enable = enable_m;
this.disable = disable_m;
};

navigation.prototype.navClick = function()
{
eval('root.navAction("' + this.id + '")');
};

functiondisable_m()
{
this.linkObj.onclick = null;
this.linkObj.style.cursor = '';
this.enabled = false;
this.linkObj.firstChild.alt = this.disabledAlt;
this.linkObj.firstChild.title = this.disabledAlt;
this.linkObj.firstChild.src = this.linkObj.disabledImage;
};

functionenable_m()
{
this.linkObj.onclick = this.navClick;
this.linkObj.style.cursor = parent.pointer;
this.enabled = true;
this.linkObj.firstChild.alt = this.enabledAlt;
this.linkObj.firstChild.title = this.enabledAlt;
this.linkObj.firstChild.src = this.linkObj.enabledImage;
};

functionbookmarkConstructor()
{
this.linkObj = topNav.document.getElementById('bookmarkButton');
this.linkObj.createImage = this.linkObj.firstChild.src;
this.linkObj.deleteImage = '../images/bookmarkdelete.gif';
this.linkObj.style.cursor = parent.pointer;
this.linkObj.parentObj = this;
this.enabled = true;
this.linkObj.enabledImage = this.linkObj.firstChild.src;
varstart =
this.linkObj.firstChild.src.substring(0,
this.linkObj.firstChild.
src.indexOf('bookmark'));
varend =
this.linkObj.firstChild.src.substring(this.linkObj .firstChild.
src.indexOf('bookmark'),
this.linkObj.firstChild.
src.length);
this.linkObj.disabledImage = start + 'grey' + end;
this.setDelete = setDelete_m;
this.setCreate = setCreate_m;
this.enable = enable_m;
this.disable = disable_m;
};

functionsetDelete_m()
{
this.linkObj.firstChild.src = this.linkObj.deleteImage;
this.linkObj.onclick = deleteBookmark_m;
this.linkObj.firstChild.alt = buttonDeleteBookmarkAlt;
this.linkObj.firstChild.title = buttonDeleteBookmarkAlt;
};

functionsetCreate_m()
{
this.linkObj.firstChild.src = this.linkObj.createImage;
this.linkObj.onclick = createBookmark_m;
this.linkObj.firstChild.alt = buttonCreateBookmarkAlt;
this.linkObj.firstChild.title = buttonCreateBookmarkAlt;
};

functioncreateBookmark_m()
{
root.bookmarks[root.bookmarks.length] =
root.currentDocument.nodeGlobalID;
root.addBookmark(root.
findNodeGlobalID(root.currentDocument.
nodeGlobalID));
this.parentObj.setDelete();
};

functiondeleteookmark_m()
{
var arrayString = arrayToStr(root.bookmarks, ':');

deleteroot.bookmarks;
root.bookmarks = arrayString.split(':').reverse();
for (var counter = 0; counter < root.bookmarks.length; counter++)
{
if (root.bookmarks[counter] ==
root.currentDocument.nodeGlobalID)
{
root.bookmarks.splice(counter, 1);
break;
}
}
root.deleteBookmark(root.
findNodeGlobalID(root.currentDocument.
nodeGlobalID));
this.parentObj.setCreate();
};
---script ends---

--
+- David Given --McQ-+ "...you could wire up a *dead rat* to a DIMM
| dg@cowlark.com | socket, and the PC BIOS memory test would pass it
| (dg@tao-group.com) | just fine." --- Ethan Benson
+- www.cowlark.com --+

David Given wrote:

Luc wrote:
[...]

Is it a strange character set ? an obfuscation ? both ?

It's obfuscation. The author is trying to prevent you from reading the
source, which I've included at the end, because it's pretty meaty.

Meaty and indicative of the ability of the author of it.

navigation.prototype.navClick = function()
{
eval('root.navAction("' + this.id + '")');
};

Why they decided they needed eval there is beyond me....... Perhaps
whoever wrote it should read this groups FAQ.

There is more wrong with that code but the above is the best example of it.

--
Randy
comp.lang.javascript FAQ - http://jibbering.com/faq & newsgroup weekly

>> It's obfuscation. The author is trying to prevent you from reading the

source, which I've included at the end, because it's pretty meaty.

Meaty and indicative of the ability of the author of it.

navigation.prototype.navClick = function()
{
eval('root.navAction("' + this.id + '")');
};

Why they decided they needed eval there is beyond me....... Perhaps
whoever wrote it should read this groups FAQ.

There is more wrong with that code but the above is the best example of it.

That is the best reason to obfuscate: to hide ignorance and faulty
technique.

> > Why they decided they needed eval there is beyond me....... Perhaps

whoever wrote it should read this groups FAQ.

There is more wrong with that code but the above is the best example of it.

That is the best reason to obfuscate: to hide ignorance and faulty
technique.

Thanks you for your replies.
Finally, I only replaced the eval(S) by an output of the var S, which
printed the same as you did, to be able read the code with no
indentation.

For your information ...
the obfuscated code, was included with many others files ( about 60Mo
!!! ),
to display only a frameset with a menu ( funny menu ... but ... ) and
about 20 html pages.
It takes about 2mns to load on a PIII 1.2Ghz ( the author wrote a
"please wait" text .. thanks ! ). I have to modify 60 *packages* like
this one ( yes ... 1,2Go for all !!! )

Why do I need to modify/look at this bad code?
This code is a part of the documentation of a product, sold anywhere
in the world by one of the most important IT companies. This company
is a member of the w3c consortium ( they claim to follow their
standards, do they ?!! )

I had to modify only a few minor elements to add these documentations
to an intranet ... I'm only a technician in charge of some web
developpements, but i'm so irritated to read such codes ( how much was
paid the man who wrote this code ? more than myself, sure ).

Anyway, thanks you for your answers.

Luc