SendSpace Homepage

SendSpace is a great uploading site. It features a maximum file size of 300 MB, auto-destruction of a file after it has been inactive for 30 days, and a deletion link for the user if needed. The downsides of this site are its excessive ads and pop-ups. The site also requires JavaScript in order to download files. Each time you download from this site, a pop-up window will be forced on you.

SendSpace Pop-Up

Have you ever wondered why your average pop-up blocker (in this case Firefox’s built-in blocker) doesn’t prevent SendSpace’s pop-up ads? I wondered, so I sought out the answer, directly from the source itself.

SendSpace HTML

Well now, it seems there is an anchor tag with the id of download_button. We can use this to our advantage later on. It also contains the following: onclick="runad()". Looks like SendSpace isn’t trying to hide its JavaScript.

SendSpace JavaScript

If we look more closely, we see that the script tries to use the _gaq.push(["trackPageview"]) function on "/file/downloadbutton". Why would they do that? The syntax is correct as given here: Google Documentation.

SendSpace JavaScript Try

So what’s really going on? Does the file exist? Nope.

SendSpace File Not Valid

So they try _gaq.push() on something that does not exist, which would throw an error. So then, how do they handle the error?

SendSpace JavaScript Catch

It defines the date as a variable, then does an if statement with a cookie. There is likely another variable above, as it gets returned true in the end, despite trying to duplicate the case giving a false value. Tricky. Notice that newin.blur() and window.focus() are used on the window.open(). See the jsFiddle here.

So in summary, SendSpace’s Pop-Up Algorithm Is Like This:
try (bad) catch (window) where window.innerContents = (newin = window.open() && newin.blur() || (window.open()).blur() && window.focus)
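A defensive counterpart to the summary above, as an added example that is not code from SendSpace or from the original post: it removes the inline handler from the download_button anchor, replaces runad() with a no-op, and wraps window.open so the attempt is recorded instead of honoured. The function name defusePopup, the report object and the inert window stub are assumptions; download_button, runad, window.open, blur and focus are the names shown on the page.

```javascript
// Added example: defuse the click-triggered pop-up described on this page.
// doc / win are passed in so the logic can be exercised outside a browser.
function defusePopup(doc, win) {
  const report = { handlerRemoved: false, runadStubbed: false, blockedOpens: [] };

  // 1. Drop the inline onclick="runad()" from the download anchor, so the
  //    click only follows the link and no longer triggers the ad script.
  const btn = doc.getElementById('download_button');
  if (btn && /\brunad\s*\(/.test(btn.getAttribute('onclick') || '')) {
    btn.removeAttribute('onclick');
    btn.onclick = null;
    report.handlerRemoved = true;
  }

  // 2. Replace runad() itself in case something else still calls it.
  //    It returns true, as the page says the original does, so the
  //    download link keeps working.
  if (typeof win.runad === 'function') {
    win.runad = () => true;
    report.runadStubbed = true;
  }

  // 3. Wrap window.open: record the URL and hand back an inert object
  //    (assumed shape) so a following newin.blur() does not throw and
  //    fall into the page's catch branch.
  win.open = (url) => {
    report.blockedOpens.push(String(url));
    return { closed: true, blur() {}, focus() {}, close() {} };
  };

  return report;
}

// In a browser (userscript or console) run it against the live page.
if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  console.log(defusePopup(document, window));
}
```

The built-in blocker lets the original pop-up through because it is opened from a real click; removing the handler and wrapping window.open takes away both the trigger and the call it relies on.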

Stay safe,
~!Donovan
