0

I encountered a webpage that shows a popup, however, the only related JavaScript code I found on that page is the code below. What exactly does this code do and how does it hide the actual implementation (showing the popup)?

<script language="javascript" type="text/javascript">
      var script = document.createElement("script");
      script.src = "/in.php?referer=" + escape(document.referrer);
      script.type = "text/javascript";
      document.getElementsByTagName("head")[0].appendChild(script);
</script>
g00glen00b
  • 41,995
  • 13
  • 95
  • 133
user3113699
  • 1
  • 1
  • I see no popup. Are you talking about codeviewer.org itself, or the code you've pasted there? Either way, I don't see anything hidden... be more specific. – Brad Dec 18 '13 at 04:12
  • http://stackoverflow.com/a/17468822/2450730 here i wrote a way to hide some precious js. – cocco Dec 18 '13 at 04:24

1 Answers1

0

This code only inject a <script> tag.

When you look in the Chrome dev tools, you'll see the file referenced here in the sources tab.

This javascript file will have this name: "/in.php?referer=" (and document.referrer as value to the query string).

There's really nothing hidden, it's just that this way the javascript file is loaded asynchronously and won't block further script from loading/executing. This technique is often used by third party in order to leave the smallest footprint possible (google maps, twitter, facebook SDK, youtube, etc, etc).

Simon Boudrias
  • 42,953
  • 16
  • 99
  • 134