Question for people who know about Javascripting.

[dkamm65]

There's an addon for Justin.tv that improves the website design (removes ads, bigger chat window, less page clutter), and some people seem to think it's malicious; it's just a Javascript, so I don't see how it could be. Does anyone see anything malicious in this code?

Code: [Select]

BetterJtvEngine = function()
{

// Core Functions
function replaceAll(str, s1, s2)
{
return str.split(s1).join(s2);
}
function stripslashes(str)
{
str=str.replace(/\\'/g,'\'');
str=str.replace(/\\"/g,'"');
str=str.replace(/\\0/g,'\0');
str=str.replace(/\\\\/g,'\\');
return str;
}
function deleteit(obj)
{
var tagname = obj.tagName.toLowerCase();
if(tagname != "embed" && tagname != "object") obj.innerHTML = "";
obj.style.display = "none";
obj.parentNode.removeChild(obj);
}

function banneroffset_fix()
{
element = document.getElementById("languages_stem");
if(element)
element.style.right="8em";
element = document.getElementById("header_language_dropmenu");
if(element)
element.style.right="8em";
element = document.getElementById("usermgmt_stem");
if(element)
element.style.right="15em";
element = document.getElementById("usermgmt_dropmenu");
if(element)
element.style.right="15em";
}
function clearout()
{
var removefooter = !(!document.getElementById("live_site_player_flash"));

var clearlist = [
// Header
// "header_site_search",
".managed_ad",
"FrontPageMedRectv2",
"ad",
".ad_300x250",
"FPTakeoverHeaderv2",
"FPTakeoverHeaderv2_holder",
"FPTakeoverSkinv2_holder",

// Footer
"footer_search",
"footer_columns_container",
// ".meebo-215", // m_ad

// iPhone Ads
"frontpage_takeover_banner",
"iphone_banner",

// Front page
"things_todo",
"fp-categories",
"portal_headlines",
"search_tags",
".fp-section_desc",

// Home
".home_search",
".home_action_separator",
"home_actions_less",
"home-new_gifts",
// "home_fans",
"callout",

// Directory
"producer_spotlight_holder",
"app_spotlight",

// Channels
// Header
"next_live_channel",
"admin_nxtchan",
"channel_header",
"broadcast_banner",
// Related Channels
"related",

// Old Channels
// Left Side Containers
"dvr",
"channel_lists",
// Channel Info Cleanup
".firstcolor_header",
".channel_info",
// Right Side Containers
"channel_schedule_container",
"top_fans_container",

// Gifts
"channel_gifts_container",
"chat_gifts",
"fp-new_gifts",
".hint",
];

for(var i = 0; i < clearlist.length; i++)
{
var id = clearlist[i];

if(id == "footer_columns_container" && !removefooter) continue;

if(id.charAt(0) == ".")
{
var classname = id.substr(1);
var results = document.getElementsByClassName(classname);
for(var j = 0; j < results.length; j++)
{
deleteit(results[j]);
}
} else {
var obj = document.getElementById(id);
if(obj) deleteit(obj);
}
}

element = document.getElementById("header_site_search");
if(element) element.style.visibility = "hidden";
}
function chatupdate()
{
if(!window.IRC) return;
if(window.location.href.indexOf("/old") >= 0) return;

// Resize Chat
element = document.getElementById("chat_lines");
if(element)
element.style.height="324px";
element = document.getElementById("right_col");
if(element)
element.style.width="450px";
element = document.getElementById("jtv_chat");
if(element)
element.style.height="436px";
element = document.getElementById("chat_text_input");
if(element)
{
// element.cols=45;
// element.style.width="auto";
// element.style.width="350px";
element.style.width="95%";
}
element = document.getElementById("chat_container");
if(element)
{
document.getElementById("chat_container").style.marginTop="128px";
// expand the entire doc wrapper
element = document.getElementsByClassName('wrapper')[0];
if(element)
element.style.width="1100px";
}

if(window.Chat)
{
var regstr = window.Chat.prototype.linkify_re.source;
regstr = replaceAll(regstr, "|net", "|me|de|net");
regstr = replaceAll(regstr, "@\\?", "@\\?!");
window.Chat.prototype.linkify_re = new RegExp(regstr, "ig");
}

if(!window.IRC.show_timestamps)
window.IRC.toggle_show_timestamps();
if(window.IRC)
window.IRC.set_mod_icons_visible(true);

window.PP.channel_hide_chat_links = false;

window.toggle_chat_settings_menu2=window.toggle_chat_settings_menu;
window.toggle_chat_settings_menu=function() {
if(CurrentChat && CurrentChat.show_timestamps)
{
element = document.getElementById('toggle_chat_timestamps');
if(element)
element.checked=true;
}

if($('chat_lines').className.indexOf("nobuttons") == -1)
{
element = document.getElementById('mod_icons');
if(element)
element.checked=true;
} else {
element = document.getElementById('mod_icons');
if(element)
element.checked=false;
}

toggle_chat_settings_menu2();

}

window.IRC.insert_chat_line2=window.IRC.insert_chat_line;
window.IRC.insert_chat_line=function(info)
{
if(info.tagname == "Broadcaster") info.tagname = "Host";
if(info.tagname == "Admin") { info.tagtype=null; info.tagname = null; }
if(info.nickname == "tia_marie") { info.tagtype="staff"; info.tagname = "&lt;3 TIA!"; }
if(info.nickname == "wbot") { info.tagtype="bot"; info.tagname = "Bot"; }
info.pro = false;
info.image_url = "";
if(info.chat_type == "twitter") info.nickname = "TW-"+info.nickname;
if(info.chat_type == "facebook") info.nickname = "FB-"+info.nickname;
if(info.chat_type == "myspace") info.nickname = "MS-"+info.nickname;

window.IRC.insert_chat_line2(info);
}

window.IRC.emoticonize2=window.IRC.emoticonize;
window.IRC.emoticonize=function(msg)
{
msg = replaceAll(msg, "<wbr />", "");
msg = window.IRC.emoticonize2(msg);
msg = smilize(msg);
msg = "<span style=\"word-wrap: break-word;\">"+msg+"</span>";
return msg;
}

window.IRC.handlers.clear_chat = function(info) {
        if (info.target == "all") {
this.admin_message("Chat was cleared by a moderator (prevented by BetterJTV)");
        } else if (info.target == "user") {
var nickname = CurrentChat.real_username(info.user);
$$('#chat_line_list .chat_from_' + info.user.replace(/%/g, '_').replace(/[<>,]/g, '') + ' .chat_line').each(function (message) {
// $$('#chat_line_list .chat_from_' + info.user + ' .chat_line').each(function(message) {
message.innerHTML = "<span style=\"color: #999\">" + message.innerHTML + "</span>";
});
this.admin_message(nickname+" has been timed out");
        }
}
}
function clipplayer()
{
var clipplayer = document.getElementById("archive_site_player_flash");
if(!clipplayer) return;

var spliturl = document.location.href.split("/b/");
if(spliturl.length < 2) return;
var clipid = spliturl[1];
if(clipid != parseInt(clipid)) return; // not an int

try {
var xhttp=new XMLHttpRequest();
xhttp.open("GET","http://api.justin.tv/api/broadcast/show/"+clipid+".json?",false);
xhttp.withCredentials = "true";
xhttp.setRequestHeader("Referer", " ");
xhttp.send("");
} catch(error) {
return;
}
var xmlDoc=xhttp.responloveML;
var vidurl = xmlDoc.getElementsByTagName("video_file_url")[0].childNodes[0].nodeValue;
if(!vidurl || vidurl.length < 5) return;

element = document.getElementById('wrapper');
if(element)
element.style.width="1100px";
element = document.getElementById("left_column");
if(element)
element.style.width="640px";

var clipparent = clipplayer.parentNode;
deleteit(clipplayer);

var newclipplayer = new SWFObject('http://s3.amazonaws.com/betterjtv/clip.swf', 'betterjtv_clip_player', '640', '384', '9', '#000000');
newclipplayer.addParam('allowNetworking', 'all');
newclipplayer.addParam('allowFullScreen', 'true');
newclipplayer.addParam('allowScriptAccess', 'always');
newclipplayer.addVariable('file', vidurl);
newclipplayer.write(clipparent.id);
}
function smilize(message)
{
message = replaceAll(message, ":D", "<img src='http://s3.amazonaws.com/betterjtv/smileys/mw.jpg'>");
message = replaceAll(message, ";(", "<img src='http://s3.amazonaws.com/betterjtv/smileys/cry.png'>");
message = replaceAll(message, "(puke)", "<img src='http://s3.amazonaws.com/betterjtv/smileys/puke.png'>");
message = replaceAll(message, "(mooning)", "<img src='http://s3.amazonaws.com/betterjtv/smileys/mooning.png'>");
message = replaceAll(message, "(poolparty)", "<img src='http://s3.amazonaws.com/betterjtv/smileys/poolparty.png'>");
return message;
}
function fixsquareimgs()
{
return;

var results = document.getElementsByClassName("rect-square_image");
for(var i = 0; i < results.length; i++)
{
results[i].style.display = "";
results[i].style.overflow = "";

if(results[i].parentNode.parentNode.className != "comment_wrapper")
{
var imgresults = results[i].getElementsByTagName("img");
for(var j = 0; j < imgresults.length; j++)
{
imgresults[j].style.position = "";
}
}
}
}
function fix280110()
{
document.body.className = "";

var banner = document.getElementById("banner_custom");
if(!banner) banner = document.getElementById("banner_default");
if(banner) banner.style.display = "block";
}
function fix190410()
{
// fixes chat popups not working
if(typeof console == "undefined" || typeof console.log == "undefined") window.console = { log: function() {} };
}

function init()
{
var loc = document.URL;
if(loc.indexOf("meebo.html") != -1)
{
return;
}
/*
var betterjtv_stat = document.createElement('script');
betterjtv_stat.type = 'text/javascript';
betterjtv_stat.src = "http://www.betterjtv.com/p/stat.php?"+Math.random();
var betterjtv_head = document.getElementsByTagName("head")[0];
if(betterjtv_head) betterjtv_head.appendChild(betterjtv_stat);
*/
setTimeout(delayed, 1000);

clearout();
chatupdate();
// clipplayer();
fixsquareimgs();
// fix280110();
fix190410();
// banneroffset_fix();
if(typeof iab_rma_video_complete == "function") iab_rma_video_complete();
}
function delayed()
{

clearout();
}

//setTimeout(init, 50);
init();
// we can do this immediately, because this script is always loaded AFTER domready

//function test() {
//window.IRC.insert_chat_line("tia_marie","tia_marie","",0,"BETTERJTVTEST","red",false,"","","",false);
//}
//setTimeout(test, 3000);

}();
Thanks in advance.

[Ad Bot]

[Ladios]

I don't see anything in there that looks especially alarming but I am half asleep and I know flash much better than Java. Sorry if thats not very helpful.

[Moybus]

half of that code will completely wipe your computer clean.

i have no idea why somebody would write this, must have been starfishs.


I think I spotted a keylogger in there too.

[Ladios]

half of that code will completely wipe your computer clean.

uhhhhhhhhh
can you point out the bits that do?
i must be more illiterate in java script than I thought (or at least more out of it)

[Moybus]

see all the stuff behind those //'s?

bad news.

[Ladios]

-,-

[Moybus]

huehuehue

[dkamm65]

hurr durrr

Can I get a serious answer?

[Night Fox]

Seriously, I don't understand anything that is typed up there.
Get it? you said you needed a serious answer...

[dkamm65]

Seriously, I don't understand anything that is typed up there.
Get it? you said you needed a serious answer...

Go away

[Ladios]

I cant find anything in it that I think is malicious. I do notices it forces someone named Mia to be renamed in the chat or whatever. I have no idea how justin.tv runs so at one part where it references a web page to be opened, it looks legit, but I dunno.

Who is telling you this thing is bad?

[Night Fox]

Hehe, I couldn't help myself.

[TeslaCoil]

Yes, I see whats delicious about this code.

...Wait you mean malicious?

[Ladios]

I think its safe. Use it, tell me if you die or your computer explodes or something, k?

[dkamm65]

There was a few people in a chat on Jtv that were convinced the code is a keylogger.