I am wondering if we can analyze JavaScript code to determine if the web page will contain these JSs, send an HTTP request to another domain.
For example, some people put their static web page files on my web server (DOMAIN A), and I donβt want their file to send an HTTP request to another site (for example, DOMAIN B).
Here's how they can do it:
In addition, we can also use JS to generate an HTTP request, for example:
var f = document.createElement('form');
f.action = "http://domain.b.com/statics";
...
Javascript can be confusing, javascript above can be compressed as:
eval(function(p,a,c,k,e,d){e=function(c){return c};if(!''.replace(/^/,String)){while(c--){d[c]=k[c]||c}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('4 0=3.2(\'1\');0.5="9://8.7.6/10";',10,11,'f|form|createElement|document|var|action|com|b|domain|http|statics'.split('|'),0,{}))
source
share