Chris Gerling Posted November 9, 2007 Share Posted November 9, 2007 I have a good grasp on reading most code, just curious if anyone feels like breaking down exactly what this is doing? ction.getSelectedElement()||dojo.html.selection.getParentElement(); while(node){ if(dojo.html.selection.isTag(node,arguments).length>0){ return node; } node=node.parentNode; } return null; },isTag:function(node,tags){ if(node&&node.tagName){ for(var i=0;i<tags.length;i++){ if(node.tagName.toLowerCase()==String(tags[i]).toLowerCase()){ return String(tags[i]).toLowerCase(); } } } return ""; },selectElement:function(_25b){ var _25c=dojo.global(); var _25d=dojo.doc(); _25b=dojo.byId(_25b); if(_25d.selection&&dojo.body().createTextRange){ try{ var _25e=dojo.body().createControlRange(); _25e.addElement(_25b); _25e.select(); } catch(e){ dojo.html.selection.selectElementChildren(_25b); } }else{ if(_25c["getSelection"]){ var _25f=_25c.getSelection(); if(_25f["removeAllRanges"]){ var _25e=_25d.createRange(); _25e.selectNode(_25b); _25f.removeAllRanges(); _25f.addRange(_25e); } } } },selectElementChildren:function(_260){ var _261=dojo.global(); var _262=dojo.doc(); _260=dojo.byId(_260); if(_262.selection&&dojo.body().createTextRange){ var _263=dojo.body().createTextRange(); _263.moveToElementText(_260); _263.select(); }else{ if(_261["getSelection"]){ var _264=_261.getSelection(); if(_264["setBaseAndExtent"]){ _264.setBaseAndExtent(_260,0,_260,_260.innerText.length-1); }else{ if(_264["selectAllChildren"]){ _264.selectAllChildren(_260); } } } } },getBookmark: Quote Link to comment Share on other sites More sharing options...
digip Posted November 9, 2007 Share Posted November 9, 2007 Was this running in frames by any chance. It looks like it is following pages in a frame and copying/posting them back to the parent frame as bookmarking the sites visited. I assume this is not all of the code, but only a piece of it? I know opera has a tool for breaking down pages into a tree format of the layout. I can't explaing it exactly, but you can take a look here: http://dev.opera.com/tools/ Scroll down and it talks about NODES a bit more. Quote Link to comment Share on other sites More sharing options...
Chris Gerling Posted November 9, 2007 Author Share Posted November 9, 2007 Yes this is just a small piece. Does it look malicious? Or is it just a bookmarking function? Quote Link to comment Share on other sites More sharing options...
digip Posted November 9, 2007 Share Posted November 9, 2007 Yes this is just a small piece. Does it look malicious? Or is it just a bookmarking function? Not sure, but it looks like it is scanning each pages text/source of the page. It may even be grabbing posted text, like passwords and such, but I am not that good with scripting. Someone on here will probably know, but you might want to post more of the code so they can verify its intensions. Just don't give it all away in the event that it is malicious, you don't want to spread some viral code to a bunch of script kiddies. I leave that up to you though... It may be possible they are using some xss attack. I know you can use scripts to change elements on a page, so you can probably redirect it using these code you posted above. Take a look at this: http://www.sauter-online.de/dojo/tests/tes..._selection.html It uses dojo.html selection to allow a user to control aspects of the page like selecting a paragraph of text. Quote Link to comment Share on other sites More sharing options...
digip Posted November 9, 2007 Share Posted November 9, 2007 Also take a look at: http://dojotoolkit.org/ Quote Link to comment Share on other sites More sharing options...
cooper Posted November 11, 2007 Share Posted November 11, 2007 Yeah. This looks to me like just a chunk of a class declaration from the Dojo Toolkit itself. If there's any malicious code around, it will probably reside in an external file that calls upon these functions. Quote Link to comment Share on other sites More sharing options...
K1u Posted November 11, 2007 Share Posted November 11, 2007 I have a good grasp on reading most code, just curious if anyone feels like breaking down exactly what this is doing? ction.getSelectedElement()||dojo.html.selection.getParentElement(); while(node){ if(dojo.html.selection.isTag(node,arguments).length>0){ return node; } node=node.parentNode; } return null; },isTag:function(node,tags){ if(node&&node.tagName){ for(var i=0;i<tags.length;i++){ if(node.tagName.toLowerCase()==String(tags[i]).toLowerCase()){ return String(tags[i]).toLowerCase(); } } } return ""; },selectElement:function(_25b){ var _25c=dojo.global(); var _25d=dojo.doc(); _25b=dojo.byId(_25b); if(_25d.selection&&dojo.body().createTextRange){ try{ var _25e=dojo.body().createControlRange(); _25e.addElement(_25b); _25e.select(); } catch(e){ dojo.html.selection.selectElementChildren(_25b); } }else{ if(_25c["getSelection"]){ var _25f=_25c.getSelection(); if(_25f["removeAllRanges"]){ var _25e=_25d.createRange(); _25e.selectNode(_25b); _25f.removeAllRanges(); _25f.addRange(_25e); } } } },selectElementChildren:function(_260){ var _261=dojo.global(); var _262=dojo.doc(); _260=dojo.byId(_260); if(_262.selection&&dojo.body().createTextRange){ var _263=dojo.body().createTextRange(); _263.moveToElementText(_260); _263.select(); }else{ if(_261["getSelection"]){ var _264=_261.getSelection(); if(_264["setBaseAndExtent"]){ _264.setBaseAndExtent(_260,0,_260,_260.innerText.length-1); }else{ if(_264["selectAllChildren"]){ _264.selectAllChildren(_260); } } } } },getBookmark: This is not malicious, http://manual.dojotoolkit.org/dojo.html#api-reference Quote Link to comment Share on other sites More sharing options...
Chris Gerling Posted November 11, 2007 Author Share Posted November 11, 2007 Thanks.. that's weird, my buddy Karl is a part of that Dojo project ironically. I'll hit him up :) Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.