views:

456

answers:

9

Hi,

I was wondering why ads still use the document.write approach to inserting the ad into the page

<script language="javascript" type="text/javascript">
    document.write("<script type='text/javascript' src='http://addomain/someadd.js'><\/sc" + "ript>");
</script>

Why is it that I can't just put

<script type='text/javascript' src='http://addomain/someadd.js'></script>

In place of the ad?

A: 

Wow, that looks weird! Maybe a lame attempt at avoiding adblocking scripts?

mike nvck
Possibly, but if you look at a lot of ad scripts they are done like this. I just can't think of a valid reason why. I assume it has to do with the fact you don't know what the script contents are (possibly more document.writes -- maybe this might have an effect).
kouPhax
+1  A: 

Google Analytics uses this method too.

zgoda
+1  A: 

I stand corrected, doc.write created scripts are blocking - worse than I thought heh :) - but as an adblock avoider it's really weak, so I can only conclude it's an SOP mechanism for dynamically adding params to a script request overused.

Use the DOM insertion technique when avoiding script blocks kids.

annakata
This is what I thought, but considering it makes page rendering slower in all my tests I can't believe this is actually true. Inline scripts and even appending it to the DOM manually all produce faster renders (in fact document.write makes a significant block compared to the rest).
kouPhax
@annakata: Do you have a link which explains this with more details? I also have doubts about the "circumvent blocking".
Aaron Digulla
No, it's something I'm involved in professionally - I've seen competitors invoking doc.write techniques and had assumed it was part of a blocking solution (since the rest of the code fits the common pattern). Turns out doc.write is just *really* bad, and I'm giving the competition too much credit :)
annakata
A: 

I don't know for certain, but they might use it so all the content on the website is loaded and shown to the user first, then the ads are loaded and shown.

Hoffmann
no - I thought that at first, but doc.write created scripts *are* blocking
annakata
A: 

To match this with a regex and remove it is easy:

<script type='text/javascript' src='http://addomain/someadd.js'></script>

but the other is more complex and can be written in different formats.

I think this is the reason.

Canavar
+1  A: 

This method avoids loading the external script if active scripting is disabled.

Gumbo
if scripting is disabled no scripts are loaded anyway - at least in FF, haven't tested elsewhere but I believe this is true
annakata
At least some older browsers did that.
Gumbo
So you mean if active scripting is disabled it prevents the file from loading? Whereas if it were a script tag it would be loaded (but not executed)?
kouPhax
I don’t know it exactly. But I think there are some browsers that do load external script files although active scripting is disabled. So using the former variant would prevent those browsers from loading the external script file.
Gumbo
That seems to be complicating matters just for the sake of preventing some (probably) legacy browsers downloading a single ad. I can't imagine that's the only reason!
kouPhax
I don’t think that’s the reason either. (Since when do advertisers care about us?) But it’s a nice side effect.
Gumbo
+4  A: 

I work with a web advertising company, and from what I've heard, certain browsers (don't know off hand which ones) will allow you to drop script tags into the page, but won't allow you to automatically execute their contents.

So, to pull this off, you need to break the script tag into pieces so the browser doesn't treat it as a script tag, but rather as any old HTML Data. Then, as the DOM is processed serially, the next thing it evaluates, after writing out the script tag is... hey, that script tag you just wrote out.

At this point the script tag is evaluated and executed.

Paul Sweeney
Not sure I grasp this one. I can't see how it would be treated differently.
kouPhax
Our company received similar code from an advertising company. I agree with Paul - it's basically a method of reducing the likelihood that the script is filtered/ignored.
Mayo
I should also add that the code we received was further obfuscated with concatenation... "<scr" + "ipt>"... made it pretty obvious that's what they were doing.
Mayo
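The split closing tag discussed in this thread, as an added example that is not from any poster here: inside an inline script, the HTML parser ends the element at the first literal `</script>` it sees, even inside a JavaScript string, so the string has to hide that sequence. The function names are hypothetical and the scan is a simplification of the real tokenizer.

```javascript
// Added example: approximates how an HTML parser finds the end of an inline
// <script> element. Assumption: the tokenizer's "<!--" double-escape states
// are ignored; all function names here are hypothetical.
function scriptBodyEnd(html, bodyStart) {
  // The element ends at the first "</script" (any case) followed by
  // whitespace, "/" or ">", regardless of the JavaScript around it.
  const re = /<\/script[\t\n\f\r \/>]/gi;
  re.lastIndex = bodyStart;
  const m = re.exec(html);
  return m ? m.index : -1;
}

// Text the JavaScript engine receives for the first inline script in `html`.
function inlineScriptSource(html) {
  const open = /<script\b[^>]*>/i.exec(html);
  if (!open) return null;
  const start = open.index + open[0].length;
  const end = scriptBodyEnd(html, start);
  return end === -1 ? html.slice(start) : html.slice(start, end);
}

// Compiles the source without running it; false means a syntax error.
function parsesAsJavaScript(src) {
  try { new Function(src); return true; } catch (e) { return false; }
}

// Constructed sample pages; the URL is the one from the question.
const SRC = "http://addomain/someadd.js";
const naive =
  `<script>document.write("<script src='${SRC}'></script>");</script>`;
const escaped =
  `<script>document.write("<script src='${SRC}'><\\/script>");</script>`;
const split =
  `<script>document.write("<script src='${SRC}'><\\/sc" + "ript>");</script>`;

for (const [name, page] of Object.entries({ naive, escaped, split })) {
  const src = inlineScriptSource(page);
  console.log(name, parsesAsJavaScript(src) ? "parses" : "truncated", src);
}
```

The same early termination is why untrusted data placed inside an inline script must have `</script` escaped, not only quotes.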
+3  A: 

Often these document.write injected scripts have dynamic strings attached to them to bust out of caching, or to send some info about the client to the ad server. I suspect your example started out as something like this

document.write("<script type='text/javascript' src='http://addomain/someadd.js?"+extrastuff+"'><\/sc" + "ript>");

but got tweaked over time, or was copied and modified by someone who didn't understand the extrastuff bit. But as you've written it there is no difference: the two ways you cite in your question are functionally the same.

Michael Mathews
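An added example (not code from this thread) that puts the dynamic query string from the answer above together with the DOM insertion technique recommended earlier: the parameters are encoded by the URL API instead of being concatenated into markup, so a quote in a value cannot end the src attribute. `loadAdScript`, the other function names and the parameter names `ref` and `cb` are hypothetical.

```javascript
// Added example; function and parameter names are hypothetical.
const AD_URL = "http://addomain/someadd.js"; // URL from the question

// The pattern from the answer: raw concatenation into an HTML string.
function writeMarkup(extrastuff) {
  return "<script type='text/javascript' src='" + AD_URL + "?" +
         extrastuff + "'><\/sc" + "ript>";
}

// What an HTML parser would take as the src value of that markup.
function srcAttr(markup) {
  const m = /src='([^']*)'/.exec(markup);
  return m ? m[1] : null;
}

// Build the request URL with every parameter percent-encoded.
function buildScriptUrl(base, params) {
  const url = new URL(base);
  for (const [key, value] of Object.entries(params)) {
    url.searchParams.set(key, String(value));
  }
  return url.href;
}

// DOM insertion: no markup string is parsed, and the script is fetched
// without blocking the HTML parser the way document.write does.
function loadAdScript(doc, base, params) {
  const script = doc.createElement("script");
  script.src = buildScriptUrl(base, params);
  script.async = true;
  doc.head.appendChild(script);
  return script;
}

// Constructed value containing a single quote.
const value = "a'b c";
console.log(srcAttr(writeMarkup("ref=" + value))); // attribute cut at the quote
console.log(buildScriptUrl(AD_URL, { ref: value, cb: 12345 }));
```

In a browser the call would be `loadAdScript(document, AD_URL, { cb: Date.now() })`.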
A: 

IMHO, that's not only pointless, but even incorrect. Angle brackets are not escaped, which'll render the document technically invalid HTML (even though it'll work in all major browsers, because they try to recover from coders' errors). And in case one's serving his site with XHTML pages as application/xml+xhtml, document.write() just won't work at all.

drdaeman