Ask HN: How to inject code within a js so that it cannot be auto detected
I have a piece of code (a) which i would like to inject in an existing piece of code (b). I would not like this injection to be auto detected. It is assumed that (b) is always subject to change
My approach was to create a random var (x) which would have the code (a) split and concatenated in random locations within (b)
For example:
Var x="var code=fu";{random piece of (b)};x+="nction(";{random piece of (b)};x+="){}";{random piece of (b)};eval(x);{random piece of (b)}
1. Would you approach this problem differently? 2. How would you detect for root-level code within (b) - aka random locations outside loops or functions
2 comments
[ 3.2 ms ] story [ 17.6 ms ] threadJust messing around, here's something you might try. You might convince someone to paste in a CSS link and an obscure but short snippet of JavaScript. (Okay!) Then:
Serve a stylesheet at your.domain/style.css and serve JavaScript at your.domain/style.css?x. The JS here will fetch that as text and eval it.My assumption is that i am in control of both (a) and (b) so i can mess around with the output of (b) to have all of (a) within itself.
The problem is how to best inject (a) inside (b), without using any 3rd party resources, which could be blocked automatically