this post was submitted on 21 Nov 2023
472 points (98.6% liked)
Firefox
17955 readers
606 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The code is not obfuscated. The person i linked to even formatted it nicely. I do not have the time or energy to go through all of youtube's JS. But the 5s everyone is talking about does target every browser the same. Serverside the code isn't altered based on browser detection.
It can be formatted "nicely" with no issue. But that doesn't necessarily make it easy to understand.
What that person posted was in a function named
smb()
that only gets called byrmb()
under certain conditions, andrmb()
gets called byAdB()
under other conditions after being called fromeeB()
used inBaP()
.... it's a long list of hard to read minified functions and variables in a mess of chained calls, declared in an order that doesn't necessarily match up with what you'd expect would be the flow.In the same file you can also easily find references to the user agent being read at multiple points, sometimes storing it in variables with equally esoteric short names that might sneak past the reader if they aren't pedantic enough.
Like, for example, there's this function:
Searching for
vc()
gives you 56 instances in that file, often compared to some strings to check what browser the user is using. And that's just one of the methods where the userAgent is obtained, there's also ayc=Yba?Yba.userAgentData||null:null;
later on too... and several direct uses of bothuserAgent
anduserAgentData
.And I'm not saying that the particular instance that was pointed out was the cause of the problem.. it's entirely possible that the issue is somewhere else... but my point is that you cannot point to a snippet of "nicely formated" messed up transpiler output without really understanding fully when does it get called and expect to draw accurate conclusions from it.