1. Home
  2. Forums Index
  3. Browser Side / JavaScript and AJAX 12:46 am May 14, 2026

Forum Moderators: open

Message Too Old, No Replies

Can someone tell me what exactly this code is 'doing'?

         

tomld2

7:40 am on May 6, 2004 (gmt 0)

10+ Year Member



I found this code in a parse.js.php file tagged onto an ad distributed through an adware program. Can any programmer look at this code and tell me what exactly this file is doing?

Here is the code:
-----------------
document.domain = 'offeroptimizer.com';document.server_name = 'xads';document.close_file = 'close.html';
function createRequestObject() {

FORM_DATA = new Object();
// The Object ("Array") where our data will be stored.

separator = ',';
// The token used to separate data from multi-select inputs

query = '' + this.location;
qu = query
// Get the current URL so we can parse out the data.
// Adding a null-string '' forces an implicit type cast
// from property to string, for NS2 compatibility.

query = query.substring((query.indexOf('?')) + 1);
// Keep everything after the question mark '?'.

if (query.length < 1) { return false; } // Perhaps we got some bad data?

keypairs = new Object();
numKP = 1;
// Local vars used to store and keep track of name/value pairs
// as we parse them back into a usable form.

while (query.indexOf('&') > -1) {
keypairs[numKP] = query.substring(0,query.indexOf('&'));
query = query.substring((query.indexOf('&')) + 1);
numKP++;
// Split the query string at each '&', storing the left-hand side
// of the split in a new keypairs[] holder, and chopping the query
// so that it gets the value of the right-hand string.
}

keypairs[numKP] = query;
// Store what's left in the query string as the final keypairs[] data.

for (i in keypairs) {
keyName = keypairs[i].substring(0,keypairs[i].indexOf('='));
// Left of '=' is name.
keyValue = keypairs[i].substring((keypairs[i].indexOf('=')) + 1);
// Right of '=' is value.
while (keyValue.indexOf('+') > -1) {
keyValue = keyValue.substring(0,keyValue.indexOf('+')) + ' ' + keyValue.substring(keyValue.indexOf('+') + 1);
// Replace each '+' in data string with a space.
}

keyValue = unescape(keyValue);
// Unescape non-alphanumerics

if (FORM_DATA[keyName]) {
FORM_DATA[keyName] = FORM_DATA[keyName] + separator + keyValue;
// Object already exists, it is probably a multi-select input,
// and we need to generate a separator-delimited string
// by appending to what we already have stored.
} else {
FORM_DATA[keyName] = keyValue;
// Normal case: name gets value.
}
}

return FORM_DATA;
}

FORM_DATA = createRequestObject();
// This is the array/object containing the GET data.
// Retrieve information with 'FORM_DATA [ key ] = value'.

// if 'invisible' then do not move to the screen.
if(FORM_DATA['inv'] == 1){
setTimeout('self.location.href="http://'+document.server_name+'.'+document.domain+'/'+document.close_file+'";',3000);
} else {
if(document.body == undefined){
document.write('<body bgcolor="#FFFFFF" text="#000000" marginwidth="0" marginheight="0" topmargin="0" leftmargin="0">');
}

align = (Math.round(Math.random()*3.1));
valign = (Math.round(Math.random()*3.1));
screenx = window.screen.availWidth;
screeny = window.screen.availHeight;
height = document.body.clientHeight;
width = document.body.clientWidth;

if (valign=='2'){
windowy = (screeny/2) - (height/2);
} else if (valign=='3'){
windowy = screeny - height - 50;
} else {
windowy = 30;
}

if (align=='2'){
windowx = (screenx/2) - (width/2);
} else if (align=='3'){
windowx = (screenx - width) - 20;
} else {
windowx = 0;
}

setTimeout('self.moveTo(windowx,windowy);',3000);
}

function click(redirect){
if (!FORM_DATA['c']) {FORM_DATA['c'] = "";}
if (!FORM_DATA['s']) {FORM_DATA['s'] = "";}
if (!FORM_DATA['t']) {FORM_DATA['t'] = "";}

if (redirect == undefined){redirect = "";}
if (!window.document.forcetargetunder){forcetargetunder = "";}

redirect = escape(redirect);

url = 'http://'+document.server_name+'.'+document.domain+'/click.php?r='+redirect+'&c='+FORM_DATA['c']+'&s='+FORM_DATA['s']+'&t='+FORM_DATA['t'];
newpop = window.open(url, '_blank');
if(forcetargetunder==1){newpop.blur();}
self.location.href="/"+document.close_file;
}

function formclick(){
if (!FORM_DATA['c']) {FORM_DATA['c'] = "";}
if (!FORM_DATA['s']) {FORM_DATA['s'] = "";}
if (!FORM_DATA['t']) {FORM_DATA['t'] = "";}

url = 'http://'+document.server_name+'.'+document.domain+'/click.php?c='+FORM_DATA['c']+'&s='+FORM_DATA['s']+'&t='+FORM_DATA['t'];
x = window.open(url, "_blank", "width=10,height=10,top=0,left=0,status=0,titlebar=0,menubar=0,location=0,toolbar=0,scrollbars=0,resizable=0");
x.blur();
}

function prependToFunc(element, handler, prependString){
// convert to string
var funcString = ""+element[handler]+"";

// remove function declaration if its IE
funcString = funcString.replace("function anonymous()","");

// remove function declaration if its Netscape
funcString = funcString.replace("function "+handler+"(event)","");

// append our code
funcString = prependString+funcString;

// apply this new code to the handler function
element[handler] = new Function(funcString);
}
var codestring = "";
if(FORM_DATA['ontop'] == '1'){
codestring = codestring + "setTimeout('self.focus();',3000);";
}
if(FORM_DATA['ontop'] == '0') {
self.blur();
}
prependToFunc(window,"onload",codestring);
if(document.title == ""){ document.title = "---"; }
var CB = (Math.round((Math.random()*1000000000)+1));

Bernard Marx

2:48 pm on May 6, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It seems to be parsing a query string in the URL and creating an object out of it that holds properties to do useful things with. It opens a window and positions it. Then I got lost and gave up. It doesn't appear to be malicious, unless adding verbose explanatory comments to evil code is a new confidence trick!

Scrub that last remark. It might be sending messages back to Spectre HQ for all I know.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Browser Side / JavaScript and AJAX 12:46 am May 14, 2026