Closed
Bug 125525
Opened 23 years ago
Closed 19 years ago
Support MS javascript obfuscator (language="JScript.Encode")
Categories
(Core :: DOM: Core & HTML, enhancement)
Core
DOM: Core & HTML
Tracking
()
VERIFIED
WONTFIX
People
(Reporter: ataylor+origacct, Unassigned)
References
()
Details
Attachments
(1 obsolete file)
Microsoft offers a tool to obfuscate javascript within a web page (see above
URL). The result is an encoded script that uses a SCRIPT
LANGUAGE="JScript.Encode" tag. The algorithm for decoding the script is given
here: http://www.klaphek.nl/nr6/scrdec.html.
Ideally, mozilla should handle this type of encoded script for maximum
interoperability. Even better would be an option to display the decoded script,
perhaps in the View Source window.
|
||
Comment 1•23 years ago
|
||
cc'ing Brendan, jband, Mitch, Harish on this RFE. I suspect this would
involve a big effort across the browser; so is JS Engine the right place
for this request?
Assignee: rogerl → khanson
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Comment 2•23 years ago
|
||
This is nowhere near core JS engine territory -- it's a content sink issue.
Phil, can you reassign? I suspect this will be "not a priority, we are
accepting patches as usual" situation.
/be
we don't support jscript, and we don't currently support chm, imo this has a
much lower priority than that.
However, perhaps we can talk with the author of the url which I selected.
I think it might be value added if we decoded the source in the view source
window. (I'm still almost opposed to actually running the script, although I
don't mind reading it...)
|
||
Comment 4•23 years ago
|
||
> mozilla should handle this type of encoded script for maximum interoperability.
Yeah, let's support VBScript, too. And ActiveX.
</irony>
If the author is trying to hide something and uses MSIE's properitary stuff,
it's probably something we don't want to be infected with.
The more that stuff is supported, the more it's used. Don't support it, let
Microsoft's non-standard and wrong-guided stuff just die.
|
||
Comment 5•23 years ago
|
||
View source could decode this... if it kept track of whether it was supposedly
in a script tag and had a lot of cruft added to it. This is definitely a
content sink issue (ccing jst), and I would suggest simply wontfixing this bg.
|
||
Comment 6•23 years ago
|
||
This is really low priority for most of us, but hey, it's open source, so if
you've got an itch, scratch it. If someone wants to contribute a patch, great.
If a site uses obfuscated JS, they obviously intend it to work only on IE, so
they probably also do some IE-specific DOM calls with no client-sniffer, which
means that even if we unscramble these scripts they probably won't run. But
again, I certainly won't object if someone wants to do it.
|
|
||
Comment 7•23 years ago
|
||
As Brendan said, this is not JS Engine and will undoubtedly affect
more than one component. Reassigning to Browser-General until we
can decide whether we want to do this or not.
As stated above, if someone wants to contribute a patch, it will be
reviewed -
Assignee: khanson → asa
Component: JavaScript Engine → Browser-General
QA Contact: pschwartau → doronr
|
||
Comment 8•23 years ago
|
||
->nobody. If someone wants to take this and work on a patch feel free to do so
but there are currently no resources (that I know of) interested in making this
happen.
Assignee: asa → nobody
|
||
Updated•23 years ago
|
Summary: [RFE] Support MS javascript obfuscator (encoder) → Support MS javascript obfuscator (encoder)
|
||
Comment 9•22 years ago
|
||
*** Bug 230090 has been marked as a duplicate of this bug. ***
|
||
Comment 10•21 years ago
|
||
*** Bug 239591 has been marked as a duplicate of this bug. ***
|
||
Updated•21 years ago
|
Summary: Support MS javascript obfuscator (encoder) → Support MS javascript obfuscator (language="JScript.Encode")
|
||
Updated•21 years ago
|
Product: Browser → Seamonkey
|
||
Comment 11•21 years ago
|
||
patch for aviary branch.
just for fun.
|
||
Comment 12•20 years ago
|
||
*** Bug 261417 has been marked as a duplicate of this bug. ***
|
||
Updated•20 years ago
|
Alias: chm
|
|
||
Updated•20 years ago
|
Alias: chm
Component: General → DOM: HTML
Product: Mozilla Application Suite → Core
|
||
Updated•19 years ago
|
Assignee: nobody → general
QA Contact: doronr → ian
|
|
||
Comment 13•19 years ago
|
||
Comment on attachment 168840 [details] [diff] [review]
patch
This patch no longers applies.
Attachment #168840 -
Attachment is obsolete: true
|
||
Comment 14•19 years ago
|
||
Looking at the patch, I don't think that we can take this code into the mozilla
CVS repository. Asking Gerv for a definitive answer.
|
||
Comment 15•19 years ago
|
||
I don't think we should fix this even if we had a patch. Script obfuscation is a case of misleading content authors, at best, and we shouldn't help its (very rare) use become more common.
|
||
Comment 16•19 years ago
|
||
The license of that code is too vague and has too many uncertainties (do you have the right to modify the code, for example?) for us to take.
I agree with Shaver - we don't even want to try and support this. Better an obvious "this type of script isn't supported" failure than a hard to debug problem when it hits the first IE-only construct.
Gerv
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → WONTFIX
|
||
Updated•17 years ago
|
Status: RESOLVED → VERIFIED
|
||
Comment 17•8 years ago
|
||
Support MS javascript obfuscator (language="JScript.Encode").
Javascript obfuscator https://javascript-obfuscator.org/
You need to log in
before you can comment on or make changes to this bug.
Description
•