Search code examples
javascriptobfuscationminify

Javascript comma syntax, and complex expressions, minified, obfuscated: please help me understand a piece of code

I need to understand some pieces of code. I feel fine with the syntax of Java, C++, PHP, but JavaScript syntax is still a "dark forest" for me. Here are the original forms and possible interpretations, I mean equivalents in terms of program logic:

1.

   var o,
   a,
   s = "https://widget.kiwitaxi.com",
   c = e.createElement("iframe"),
   l = e.getElementById(r.target),
   p = r && r.height_bias ? 4 + r.height_bias : 4,
   u = !1,
   f = parseInt(r.min_height, 10) 
           ? parseInt(r.min_height, 10) 
           : r.hide_form_extras && !r.default_form_title 
               ? 304 
               : 386;

I'm almost sure about this one, here I can replace commas with semicolons and add var statement to the beginning of each line, and it will produce the same results, am I right?

var o;
var a;
var s = "https://widget.kiwitaxi.com";
var c = e.createElement("iframe");
var l = e.getElementById(r.target);
var p = r && r.height_bias ? 4 + r.height_bias : 4;
var u = !1;
var f = parseInt(r.min_height, 10) 
            ? parseInt(r.min_height, 10) 
            : r.hide_form_extras && !r.default_form_title 
                ? 304 
                : 386;

  1. And this one is really tough for me, I cannot presume any interpretation.

    o = s + "/w",
"en" == r.language && (o += "-" + r.language.toString().toLowerCase()),
("biletik" == r.theme || "ostrovok" == r.theme) &&
(o += "-" + r.theme.toString().toLowerCase()),
o += ".html",
r.banner_id || (r.banner_id = "22995c4e");

    As I understand:

    1. "o" is evaluated to s + "/w", then is concatenated with "-", and then with ".html"? Are any conditions applied to that string building, I mean, can any of that two concatenations be applied by condition in this code?
    2. What does comparison == operator do in the statement (the part "en" == r.language...), which variable receives that result? Or can it be just an obfuscation trick?
    3. And the last one, after the last comma, r.banner_id || (r.banner_id = "22995c4e"); Here goes an assignment, that is clear, but what is the point of other stuff in this part? Is the assignment made by condition here (if r.banner is not undefined-or-null-or-false)?
Solution 
  • "en" == r.language && (o += "-" + r.language.toString().toLowerCase()),

    Ooh...that line's tricky.

    So, example: If you were to write var myVar = false && thisFunctionThrowsError(), where the function would throw an exception if it were called, that would actually not return an error - because anything after the ampersand won't be evaluated. It's called short-circuit evaluation. In this case, someone has cut out the part where he checks the result of the && comparison, and only uses it to determine whether or not to run the right side.

    So, if I write:

    "biletik" == r.theme && (o += "-");

    That means it will add a dash to o only if r.theme == 'biletik'.

    The last line is the opposite; it looks like it's a lazy-initializer. If r.banner_id is null, that evaluates to false - so it runs the second part of the ||, initializing it to 22995c4e.