WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Why/how does WP obfuscate the js include files? Needing to debug/reverse them. (12 posts)

  1. Mick P.
    Member
    Posted 2 years ago #

    I am just curious why WP obfuscates the Javascript for everyone. Should that not be an option, since WP is opensource?

    Anyway, I am having trouble with swfupload.js on a plugin page, and I can't really tell which "a" variable is undefined/causing an error amidst the obfuscated code. So I need to figure something out. Thanks.

    PS: First time needing to use WP support. Please make it go well for me so I am not turned off :)

  2. Samuel B
    moderator
    Posted 2 years ago #

    wordpress definitely does not obfuscate code and the file swfupload.js isn't part of wordpress installs
    perhaps it's a plugin file in whick case wordpress doesn't control the code

  3. Mick P.
    Member
    Posted 2 years ago #

    ^It is part of the media library that allows you to attach images etc. to posts. It is built into the core, media-upload.php etc.

    All of the js files installed by WP are obfuscated. They are compressed to the point they are totally unintelligible... you may draw a distinction, but I don't.

  4. Mick P.
    Member
    Posted 2 years ago #

    A sample of swfupload-all.js:

    // swfupload
    var SWFUpload;if(SWFUpload==undefined){SWFUpload=function(a){this.initSWFUpload(a)}}SWFUpload.prototype.initSWFUpload=function(b){try{this.customSettings={};this.settings=b;this.eventQueue=[];this.movieName="SWFUpload_"+SWFUpload.movieCount++;this.movieElement=null;SWFUpload.instances[this.movieName]=this;this.initSettings();this.loadFlash()}catch(a){delete SWFUpload.instances[this.movieName];throw a}};SWFUpload.instances={};SWFUpload.movieCount=0;SWFUpload.version="2.2.0 2009-03-25";SWFUpload.QUEUE_ERROR={QUEUE_LIMIT_EXCEEDED:-100,

    This is all of the swfupload files packed into one, which is loaded by load-script/s.php. The rest of the file goes on like that... no line breaks.

  5. ClaytonJames
    Member
    Posted 2 years ago #

  6. Mick P.
    Member
    Posted 2 years ago #

    ^Yes, obfuscated. You can see easily how the two files differ.

    The second (http://core.trac.wordpress.org/browser/branches/3.2/wp-includes/js/swfupload/swfupload-all.js) is used by WP. So if you want to debug in a browser you are stuck with that. It is a conglomeration of more than just swfupload, therefore you cannot simple replace the files.

    This obfuscation I think is a bad practice. But I would just like a solution. Like how the files are obfuscated, so that they can be disobfuscated at the very least.

    PS: Seeing as browsers download a javascript file and then cache it, WP is not saving anyone much bandwidth at all by obfuscating the source code. It is just making the files opaque / impossible / troublesome to debug or adapt.

    If a blog serving bajillions of readers needs to make the files smaller for every ounce of savings per each of its readers, that should be a plugin.

    EDITED: http://en.wiktionary.org/wiki/obfuscate

  7. ClaytonJames
    Member
    Posted 2 years ago #

    Thanks for the reference, but I wasn't questioning the meaning of the word "obfuscated" with my excessive punctuation.

    Does this make it any easier (swfupload-all.js) to work with?

    http://pastebin.com/mNQUaKbX

  8. MickeyRoush
    Member
    Posted 2 years ago #

    I'm intrigued. I thought the javascript file was minified:

    http://en.wiktionary.org/wiki/minify

    What are the functional differences between the two files?

  9. Jackson
    Member
    Posted 2 years ago #

    @Mick P.

    If you add this to your wp-config.php file during development, WordPress will load .dev versions of the JS for easy debugging

    define('SCRIPT_DEBUG', true);
  10. Mick P.
    Member
    Posted 2 years ago #

    @Jackson

    That's what I was looking for. It would be nice if the streamlining was a turn on feature. A good compromise would be to put a comment in the top of the compressed files I think. Still that would not be helpful to non-administrators trying to replicate what their favorite site is up to.

    I noticed in load-scripts you can pass ?c=1 to disable compression for some reason. If there was an analog for undoing the script mangling that would be very handy.

    @MickeyRoush

    Minify is a tech word I've never stumbled across before. Regardless, minified code is a subset of obfuscated code.

    PS: I don't think this is a good practice for WP. Bare minimum define('SCRIPT_DEBUG',true); needs to appear in wp-config.php so administrators can be aware of it from day one. It should be uncommented with a comment that says, comment this out to minify js files or whatever. Or an option could alternatively be in the settings pages.

    EDITED: @ClaytonJames

    I appreciate the effort if you uploaded that code yourself. I think we ultimately found a better solution. But just to be clear, the -all file includes more than the swfupload.js file alone. I'm sorry, I can't tell off the top of my head if everything is in there. It's not clearly labeled -all though.

  11. MickeyRoush
    Member
    Posted 2 years ago #

    Minify is a tech word I've never stumbled across before.

    Minify is a common term used by WordPress users/developers (and among other CMSs as well).
    http://code.google.com/p/minify/

    Regardless, minified code is a subset of obfuscated code.

    I doubt if most people would agree with you on that.

    I've read all of these:
    http://en.wikipedia.org/wiki/Obfuscation
    http://en.wikipedia.org/wiki/Obfuscated_code
    http://en.wikipedia.org/wiki/Minification_%28programming%29

    There seems to be a distinct difference between the terms. That's why in your post I assumed that you were trying to say that WordPress was trying to obscure code (conceal its purpose).

  12. ClaytonJames
    Member
    Posted 2 years ago #

    I appreciate the effort if you uploaded that code yourself. I think we ultimately found a better solution. But just to be clear, the -all file includes more than the swfupload.js file alone. I'm sorry, I can't tell off the top of my head if everything is in there. It's not clearly labeled -all though.

    No effort at all. I just ran it (swfupload-all.js) through a generic decompressor and re-pasted the output to pastebin. Took about 30 seconds total. Glad you found something that works for you!

    define('SCRIPT_DEBUG',true); needs to appear in wp-config.php so administrators can be aware of it from day one.

    That would be a handy feature. It does seem to take a minute or two to find the reference in the Codex. http://codex.wordpress.org/Editing_wp-config.php#Debug

Topic Closed

This topic has been closed to new replies.

About this Topic