Greasemonkey for the front page


Post by pretentious on Fri Apr 03, 2015 6:11 am

So I was wondering if I can make external webpage requests with javascript and thus Greasemonkey. Turns out I can :)

HTS wants you all to log in before viewing the recent posts on the front page, like chumps, but it doesn't have to be this way. :geek:
This script replaced the 'you must login' message with something at least minimally useful.
Introducing my second attempt to get comfy with this language.
Code:
// ==UserScript==
// @name        active_topics
// @namespace   https://hackthissite.org
// @include     https://www.hackthissite.org/
// @require     https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
// @version     1
// @grant       none
// ==/UserScript==

//plaintext httprequest from http://stackoverflow.com/questions/247483/http-get-request-in-javascript

function httpGet(theUrl)
{
    var xmlHttp = null;

    xmlHttp = new XMLHttpRequest();
    xmlHttp.open( "GET", theUrl, false );
    xmlHttp.send( null );
    return xmlHttp.responseText;
}

// check if logged in
var replacedText = $("td:first",$("table:nth-of-type(2)"));
replacedText  =  $(replacedText).html();
if (replacedText.indexOf("Please login to see this feature.") >= 0){

// array of mods for color coding
    admins = ["weekend hacker", "Kage"];
    mods = ["parakkafaith", "limdis", "mShred", "centip3de"];

// get html
var httpRes = httpGet("https://www.hackthissite.org/forums/search.php?search_id=active_topics");


var count = 0 // keeping active topics limited
var finalString = ""; // the html to replace the login message
$(".row", $(httpRes)).each(function(i, obj) {
    if (count < 6 ){
        // traverse through the xml tree
      var icon = $(".icon:first",$(obj));
        var dt = $("dt", $(icon));
        var title = $(".topictitle", $(dt)).text();
       
       
        var lastpost = $(".lastpost", $(icon));
        var span = $("span", $(lastpost));
       
       
        var poster = $("a:first", $(span)).text();
        // add color styling for admins and mods like in the forums
        if (admins.indexOf(poster)>-1){
            var color = "<span style=\'color:Red;\'>" + poster + "</span>";
            poster = color;
        }
        if (mods.indexOf(poster)>-1){
            var color = "<span style=\'color:Green;\'>" + poster + "</span>";
            poster = color;
        }
        var posterLink = $("a:first", $(span)).attr("href");
        var link = $("a:last", $(span)).attr("href")
        // make the addressing absolute
        link = link.replace(".", "https://www.hackthissite.org/forums/");
        posterLink = posterLink.replace(".", "https://www.hackthissite.org/forums/");
        // format the information
        finalString = finalString.concat("<a href=" + posterLink + "\">" + poster + "</a> posted in <a href=" + link + "\">" + title + "</a><br />");       

        count ++; }
});
var newText = replacedText.replace("<center>Please login to see this feature.</center>",finalString);
$("td:first",$("table:nth-of-type(2)")).html(newText);
}


I'm still finding my feet with javascript (arrays whoaa? and what's with the dollar signs XD) so I'll welcome critique. I've got a feeling the parsing of xml has a better solution, even for the scale of this problem. Also I feel like I'm turning to jQuery too often for solutions (like every time)

BTW for those who have been using greasemonkey for a while, what interesting uses have you found for it?
Goatboy wrote:Oh, that's simple. All you need to do is dedicate many years of your life to studying security.

IF you feel like exchanging ASCII arrays, let me know ;)
Can you say brainwashing It's a non stop disco
pretentious
Addict
Posts: 1203
Joined: Wed Mar 03, 2010 12:48 am


Re: Greasemonkey for the front page

Post by tgoe on Fri Apr 03, 2015 5:24 pm

haha I always thought the "you must login" widget was weird too.

As for your javascript, I can't use it atm and it seems functional but there are some things that can add up to be a mess in bigger programs.

I'm not sure exactly how userscripts are injected by the browser but you'll generally want to avoid polluting the global namespace to avoid collisions with other javascript that might be present. This is usually done by wrapping your code up in a self-executing anonymous function.

JavaScript's variables are hoisted and 'var' is function-scoped so it's a good idea to declare variables all at once at the beginning of each function. Assigning to undeclared variables might also collide with other javascript because they get hoisted to global scope (your admin and mods arrays).

Quote inconsistencies can lead to bugs. The html generated seems slightly garbled and most browsers try to fix that on the fly making it hard to spot.

Relying on jquery isn't really a bad thing IMO. But I know guys that think javascript and jquery are basically synonymous. Now that's a bad thing. :)
tgoe
Contributor
Posts: 716
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
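
The scoping points raised in the post above, as an added example that is not part of the original thread: it shows an undeclared assignment (like `admins = [...]` in the first script) landing on the global object, the same assignment failing inside a strict-mode wrapper, and `var` hoisting. The names demoAdmins, demoMods and the three function names are hypothetical.

```javascript
// Added example; demoAdmins, demoMods and the function names are hypothetical.
// The snippets under test are compiled with the Function constructor so they
// run as sloppy-mode code even if this file itself is loaded in strict mode.

// 1. Assigning to an undeclared name, as `admins = [...]` does in the first
//    script, creates a property on the global object.
function undeclaredAssignmentLeaks() {
  new Function("demoAdmins = ['weekend hacker', 'Kage'];")();
  var leaked = Object.prototype.hasOwnProperty.call(globalThis, "demoAdmins");
  delete globalThis.demoAdmins; // implicit globals are configurable, so clean up
  return leaked;
}

// 2. The same kind of assignment inside a strict-mode self-executing function
//    throws instead of silently creating a global.
function strictIifeResult() {
  try {
    new Function("(function () { 'use strict'; demoMods = ['limdis']; })();")();
    return "no error";
  } catch (e) {
    return e.name;
  }
}

// 3. `var` is function-scoped and hoisted: `color` can be read (as undefined)
//    before its declaration, and it is still visible after the if block.
function hoistedVar(poster) {
  var before = color;
  if (poster === "Kage") {
    var color = "Red";
  }
  return [before, color];
}

console.log(undeclaredAssignmentLeaks(), strictIifeResult(), hoistedVar("Kage"));
```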


Re: Greasemonkey for the front page

Post by pretentious on Sat Apr 04, 2015 10:00 pm

Ok yeah I think if I care in the future, I'll rewrite it as a single function with local variables (remove the dedicated http function since I only use it once) then just call it.

Is there any difference between single and double quotes? This was all an afterthought when I wrote the script tbh.


Re: Greasemonkey for the front page

Post by tgoe on Mon Apr 06, 2015 9:54 am

Balanced pairs of either ' or " are interchangeable within js or html and you wouldn't normally escape one inside of the other.

For example, this will be fixed on the fly by a modern browser parser:
Code:
"<a href=" + posterLink + "\">"


But it should be:
Code:
"<a href='" + posterLink + "'>"

to avoid bugs with other tools.

The next version of js has a third quote ` for template strings which brings interpolation native. The latest Chrome and Firefox already have them.

Code:
var s1 = "Hello";
var s2 = "World";
var s3 = `${s1}, ${s2}!`;
console.assert(s3 == "Hello, World!");


Template strings also have a weird tagging feature that allows you to specify a custom handler.

Code:
alert`lulz`


That is a valid string and results in a function call. This is probably blocked by builtin reflected xss protection but I wonder if there might be a rise in stored xss attacks because of this and all the poor blacklist-style server-side protection out there.

Just a thought but since you're using XHR natively already, you could probably drop the jquery dependency altogether by using native querySelectors.


Re: Greasemonkey for the front page

Post by pretentious on Wed Apr 08, 2015 6:24 am

tgoe wrote:Balanced pairs of either ' or " are interchangeable within js or html and you wouldn't normally escape one inside of the other.

For example, this will be fixed on the fly by a modern browser parser:
Code:
"<a href=" + posterLink + "\">"


But it should be:
Code:
"<a href='" + posterLink + "'>"

to avoid bugs with other tools.

Wow I didn't notice that. Way below par. It's kinda worrying that I got away with it actually (lack of an opening quote I mean) :P I've heard that 80% of the code in web browsers is to deal with incompetent web developers. Thanks Mozilla :D

So I spent another 10 minutes tweaking the code a bit
Code:
// ==UserScript==
// @name        active_topics
// @namespace   https://hackthissite.org
// @include     https://www.hackthissite.org/
// @require     https://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js
// @version     1
// @grant       none
// ==/UserScript==


function displayActiveTopics(){
    // check if logged in
    var replacedText = $("td:first",$("table:nth-of-type(2)"));
    replacedText  =  $(replacedText).html();
    if (replacedText.indexOf("Please login to see this feature.") >= 0){
        // array of mods for color coding
        var admins = ["weekend hacker", "Kage"];
        var mods = ["parakkafaith", "limdis", "mShred", "centip3de"];

        // get html (synchronous request, so responseText is ready after send)
        var xmlHttp = new XMLHttpRequest();
        xmlHttp.open( "GET", "https://www.hackthissite.org/forums/search.php?search_id=active_topics", false );
        xmlHttp.send( null );
        var httpRes = xmlHttp.responseText;

        var count = 0; // keeping active topics limited
        var finalString = ""; // the html to replace the login message
        $(".row", $(httpRes)).each(function(i, obj) {
            if (count < 6 ){
                // traverse through the xml tree
                var icon = $(".icon:first",$(obj));
                var dt = $("dt", $(icon));
                var title = $(".topictitle", $(dt)).text();

                var lastpost = $(".lastpost", $(icon));
                var span = $("span", $(lastpost));

                var poster = $("a:first", $(span)).text();
                // add color styling for admins and mods like in the forums
                if (admins.indexOf(poster)>-1){
                    var color = "<span style='color:Red;'>" + poster + "</span>";
                    poster = color;
                }
                if (mods.indexOf(poster)>-1){
                    var color = "<span style='color:Green;'>" + poster + "</span>";
                    poster = color;
                }
                var posterLink = $("a:first", $(span)).attr("href");
                var link = $("a:last", $(span)).attr("href");
                // make the addressing absolute (only a leading "./" is rewritten)
                link = link.replace(/^\.\//, "https://www.hackthissite.org/forums/");
                posterLink = posterLink.replace(/^\.\//, "https://www.hackthissite.org/forums/");
                // format the information
                finalString = finalString.concat("<a href='" + posterLink + "'>" + poster + "</a> posted in <a href='" + link + "'>" + title + "</a><br />");

                count++;
            }
        });
        var newText = replacedText.replace("<center>Please login to see this feature.</center>",finalString);
        $("td:first",$("table:nth-of-type(2)")).html(newText);
    }
}
displayActiveTopics();

I won't try and implement the query selector stuff since I'm still new to this and the script ain't broke ;) but thanks for the link. Also checking out template strings, I'm kinda getting a perl vibe. I really wish I could like perl :P
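
An added example, not part of the original thread: the scripts above concatenate the scraped title and poster name into an HTML string passed to `.html()`, and because `.text()` returns decoded text, a topic title containing `<` or quote characters would be parsed as markup on the front page. The sketch below builds the same line with every scraped value escaped and every link checked against the forum origin; escapeHtml, resolveForumLink, renderRow and the sample rows are assumptions made for illustration.

```javascript
// Added example; helper names and sample rows are hypothetical.
var FORUM_BASE = "https://www.hackthissite.org/forums/";
var admins = ["weekend hacker", "Kage"];
var mods = ["parakkafaith", "limdis", "mShred", "centip3de"];

// Escape the characters that can end a text node or a quoted attribute value.
function escapeHtml(s) {
  var map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, function (c) { return map[c]; });
}

// Resolve a relative href against the forum base; accept it only if the
// result stays on the forum's own origin (rejects javascript: and other hosts).
function resolveForumLink(href) {
  var base = new URL(FORUM_BASE), url;
  try { url = new URL(href, base); } catch (e) { return null; }
  return url.origin === base.origin ? url.href : null;
}

// Build one line of the list. Scraped values are escaped before they are
// placed into markup; only the colour span is written as literal HTML.
function renderRow(row) {
  var posterUrl = resolveForumLink(row.posterHref);
  var topicUrl = resolveForumLink(row.topicHref);
  if (!posterUrl || !topicUrl) { return ""; } // drop rows with unexpected links
  var name = escapeHtml(row.poster);
  if (admins.indexOf(row.poster) > -1) {
    name = "<span style='color:Red;'>" + name + "</span>";
  } else if (mods.indexOf(row.poster) > -1) {
    name = "<span style='color:Green;'>" + name + "</span>";
  }
  return "<a href='" + escapeHtml(posterUrl) + "'>" + name + "</a> posted in " +
    "<a href='" + escapeHtml(topicUrl) + "'>" + escapeHtml(row.title) + "</a><br />";
}

// Constructed sample rows standing in for the .text() / .attr("href") results.
var sampleRows = [
  { poster: "limdis", posterHref: "./memberlist.php?mode=viewprofile&u=5",
    topicHref: "./viewtopic.php?f=1&t=2#p3", title: "Help with <script> & 'quotes'" },
  { poster: "someone", posterHref: "./memberlist.php?mode=viewprofile&u=9",
    topicHref: "javascript:void(0)", title: "Odd link" }
];

function renderAll(rows) { return rows.map(renderRow).join(""); }
console.log(renderAll(sampleRows));
```

In the userscript itself the same effect is available without string building by creating the `a` elements and setting `textContent` and `href` on them.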


