- Feature Articles
- CodeSOD
- Error'd
- Forums
-
Other Articles
- Random Article
- Other Series
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Seems like a classy centipede, at least.
Admin
One of the worst snippets of javascript I've ever seen, maybe the worst.
Admin
I've only just processed the trauma and now you submit me to it again. This constitutes cruel and unusual punishment.
Admin
This got to be WordPress. This is WordPress, right? Still not entirely sure why they've used eval(), or what the point of this whole shebackle is, but... Wow.
Admin
Now please make me unsee this... please!
Admin
It's loading a bunch of function, class, and object definitions from a script file - by manually parsing a text file and putting the parsed objects into the global namespace. By rights, the entire thing should just be a script tag - because that will parse text and execute it! The one bright spot in all of this is that it looks like they're just setting up objects (probably some library classes and app-specific data, like maybe "where the back end lives"). This block of code isn't intended to execute procedural code, it just does it anyway!
Either they're trying to bypass some browser/framework security by loading scripts as not-a-script and then executing them, or they're terrible people. Or both.
Admin
"the refuse from one block of code becomes the input to the next block"
lol, nice one! It really is the human centipede captured in code!
Admin
All they're doing is copying some objects from one scope to another, but cloning the relevant functions instead of copying them. It would be slightly neater if they didn't stringify and eval twice to do the clone, of course. A quick browse of Stack Overflow suggests that
object = new Function('return ' + object)();
will do the trick.Admin
Since the main body of the loop only executes if object is null, seems this doesn't do much of anything.
Admin
Sorry - ignore that. Missed the "win" vs "window" thing.
Admin
The main body executes if the object/function/class's name doesn't exist in the global namespace. Because clobbering existing functions would be horrible coding practice (obviously)