0

I know that one can include JS in their HTML files with a <script src=""></script> include, but can you specify it to load in the script src backwards (reading line by line bottom to top instead of top to bottom)? I would not like to include the script src with any inline JS or anything like that: it needs to be simply included in (but from bottom to top instead of top to bottom). Further, I understand I could just flip the script around so that loading it top to bottom isn't an issue, but I would like to know if there is any way I could simply load from bottom to top.

For example, here's a test.js file:

alert("line 1!");
alert("line 2!");
alert("line 3!");

And if I include it in a test.html file, I could do this in the <head></head> or <body></body>:

<script src="test.js"></script> <!-- Assuming They are in the same directory -->

Now when this test.js gets included, it is (as far as I am aware) going to read test.js from top to bottom, so alert("line 1!") will run before alert("line 3!"). And, if let's say line 1 in test.js is invalid, then the whole script stops getting included. I am wondering if I can do a <script src="test.js"></script> include where line 3 (the last line) gets read first (so alert("line 3!")) and the first line gets read last (alert("line 1!")). I am doing a cyber security challenge and I know that the top of the file I am trying to include is not valid JS, but the bottom is, so theoretically if I can include it from bottom to top I could get my JS to execute before it throws an error.

Improve this question
5
  • You could have the src point to a server script that reads a file backwards and returns that. Commented Oct 6, 2021 at 23:07
  • src="backwards.php?file=filename.js" Commented Oct 6, 2021 at 23:08
  • 1
    Why would you have a script written backwards? Commented Oct 6, 2021 at 23:08
  • @Barmar I am doing a cyber security challenge and would like to include the file backwards since the only valid JS in the file is at the bottom. I can't use backwards.php because the include has to be from the host server's domain (as defined by the CSP) and I can only upload an image. So I am uploaded a malicious image that has valid JS at the bottom of it, but including it causes an error because it is trying to read it from top to bottom. Commented Oct 6, 2021 at 23:14
  • Code is read from top to bottom left to right. It wouldn't make sense to read it backwards. The code won't work, as variables would become undefined in most cases. Commented Oct 6, 2021 at 23:19

1 Answer 1

Reset to default
1

You can create a function that executes the script contents backward by sending an AJAX request to the target URL, splitting the response by a newline, reversing the resulting array, join into a string then use eval.

Something like this:

function loadScriptBackwards(url) {
  var xhttp;
  xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200) {
      eval(this.responseText.split("\n").reverse().join('\n'))
    }
  };
  xhttp.open("GET", url, true);
  xhttp.send();
}
Improve this answer
Sign up to request clarification or add additional context in comments.

8 Comments

That will only work if each line is a complete statement. You should reverse the lines, join it back into a string, then eval that.
@Barmar True. I've updated my answer.
@Spectric That is awsome! Thank you! But I cannot use any inline JS, it needs to be a script include of some sort.
This might not work in his challenge because his web page won't be in the same domain as the script file, so this will be blocked by CORS.
@Bob No, there's nothing built-in that will read a script backwards.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.