• Frist! (unregistered)

    Seems like a classy centipede, at least.

  • (nodebb)

    One of the worst snippets of javascript I've ever seen, maybe the worst.

  • DQ (unregistered)

    I've only just processed the trauma and now you submit me to it again. This constitutes cruel and unusual punishment.

  • Junkfoodjunkie (unregistered)

    This got to be WordPress. This is WordPress, right? Still not entirely sure why they've used eval(), or what the point of this whole shebackle is, but... Wow.

  • peevee (unregistered)

    Now please make me unsee this... please!

  • PotatoEngineer (unregistered)

    It's loading a bunch of function, class, and object definitions from a script file - by manually parsing a text file and putting the parsed objects into the global namespace. By rights, the entire thing should just be a script tag - because that will parse text and execute it! The one bright spot in all of this is that it looks like they're just setting up objects (probably some library classes and app-specific data, like maybe "where the back end lives"). This block of code isn't intended to execute procedural code, it just does it anyway!

    Either they're trying to bypass some browser/framework security by loading scripts as not-a-script and then executing them, or they're terrible people. Or both.

  • Barf4Eva (unregistered)

    "the refuse from one block of code becomes the input to the next block"

    lol, nice one! It really is the human centipede captured in code!

  • (nodebb)

    All they're doing is copying some objects from one scope to another, but cloning the relevant functions instead of copying them. It would be slightly neater if they didn't stringify and eval twice to do the clone, of course. A quick browse of Stack Overflow suggests that object = new Function('return ' + object)(); will do the trick.

  • idho (unregistered)

    Since the main body of the loop only executes if object is null, seems this doesn't do much of anything.

  • idho (unregistered)

    Sorry - ignore that. Missed the "win" vs "window" thing.

  • Alan (unregistered) in reply to idho

    The main body executes if the object/function/class's name doesn't exist in the global namespace. Because clobbering existing functions would be horrible coding practice (obviously)

Leave a comment on “2018: JavaScript Centipede”

Log In or post as a guest

Replying to comment #502025:

« Return to Article