0

I would like to keep a part of a script server sided so we can do the update for clients ourselves here. But reading on the internet did not make clear what would be the best way. Simply put the script looks like this:

$(function () {

  var id_user = XXXX; // this is what the client needs to connect

  // Obfuscated Code, this section i would like to load from the server
  var _$_2cfd=["\x3C\x64\x69\x76\x20\x69\x64\x3D\x22\x43\x65\x6C\x65\x62\x72\x69\x74\x79\x43\x6F\x6E\x74\x61\x69\x6E\x65\x72\x22\x3E\x3C\x2F\x64\x69\x76\x3E","\x61\x70\x70\x65\x6E\x64","\x23\x73\x68\x6F\x77\x74\x61\x67\x65\x6E\x61\x62\x6C\x65\x64","\x3C\x64\x69\x76\x20\x69\x64\x3D\x22\x43\x65\x6C\x65\x62\x72\x69\x74\x79\x54\x61\x67\x43\x6F\x6E\x74\x61\x69\x6E\x65\x72\x22\x3E\x3C\x2F\x64\x69\x76\x3E","\x3C\x64\x69\x76\x20\x69\x64\x3D\x22\x43\x65\x6C\x65\x62\x72\x69\x74\x79\x44\x65\x74\x61\x69\x6C\x73\x22\x3E\x3C\x2F\x64\x69\x76\x3E","\x3C\x64\x69\x76\x20\x69\x64\x3D\x22\x50\x72\x6F\x64\x75\x63\x74\x43\x6F\x6E\x74\x61\x69\x6E\x65\x72\x22\x3E\x3C\x2F\x64\x69\x76\x3E"];var 

})

and what i would like to archieve is that i can place the code block of obfuscated code in my azure storage and that it's loaded (imported) into the rest of the javascript file. This way i could make changes for the client remotely, add features etc. What would be the best way of doing this?

I looked into stackoverflow: How do I include a JavaScript file in another JavaScript file? but that is now 9 years old and perhaps better new way exist now.

would this be possible?

$(function () {

  var id_user = XXXX; // this is what the client needs to connect

  $.getScript("http://myweb.azurestorage.net/Obfuscated_Code.js", function());

})

where on the storage the Obfuscated Code is hosted, i know this is jquery what is fine to use as well

Ewald Bos
  • 1,560
  • 1
  • 20
  • 33
  • 2
    You want to have a Javascript backdoor into your clients' sites? – esqew Sep 26 '18 at 17:58
  • 1
    While the question is 9 years old the most upvoted answer was last updated 5 days ago. I'd say it's up to date. Canonical answers on SO are usually updated so people don't have to Google for new threads but can use the old ones that are now updated with new information. That said, the whole obfuscation thing sounds pretty dodgy. Also all of your obfuscated code seems to be HTML tags rather than any javascript? – h2ooooooo Sep 26 '18 at 17:58
  • @h2ooooooo it's just an example not the actual code, that would keep you scrolling forever and does not contribute. – Ewald Bos Sep 26 '18 at 18:06
  • @esqew, kinda. They are buying a service and we would like to make sure they don't need to do anything if we add some additional features. Saving on very difficult to get developers that already have limited time :) – Ewald Bos Sep 26 '18 at 18:07
  • Just put up your own server, and load from it an external script into every of your client's pages. – Bergi Sep 26 '18 at 18:14
  • @Bergi that is what i have, however the client needs to make some connections on their side (an example here is the userID), that why the script need's to be added into the function – Ewald Bos Sep 26 '18 at 18:41
  • 1
    @EwaldBos What do you mean by "connections"? A misspelling of configurations? Why do they need to be inside the function? The client should just set the `userID` as a global variable in a separate script. Or pass it as a URL parameter to your external script, so that your server can inject the value in the script where it needs it. – Bergi Sep 26 '18 at 18:53

0 Answers0