12 comments

[ 2.0 ms ] story [ 32.2 ms ] thread
I'm sure I missed something.

InvalidCharacterError: 'atob' failed: The string to be decoded is not correctly encoded.

only tested on chrome...
Chrome 31.0.1650.63 m here (Windows 7)
Doesn't work for me on Chrome 32.0.1700.107 on Ubuntu either.
eval() an obfuscated piece of code from the web, what could possibly go wrong?
Evaluating javascript from the web is what your browser does when loading a page.
To nitpick, no it doesn't: there's some difference between "evaluation" and "interpretation;" not to mention JS scopes and such :)

However, "load, parse and execute this resource, statically referenced in a SCRIPT tag" doesn't raise quite as many red flags as "execute this _obfuscated_ code".

Sure, you could de-obfuscate it (as someone already did in the discussion) and check that it doesn't do anything nasty (e.g. "like" a few dozen pages for you); but the decision is heavily weighted towards "eh, don't bother."

You can decode the base64. :-) I had a look inside and I don't see anything suspicious, just some css manipulation.
Doesn't work on Version 30.0.1599.66 in gnome