Anyone for a chat about Malzilla?
Any feedback from the users of Malzilla? Bugs?
bobby
When a script uses "eval()" instead of "document.write()", the program does not change it, though it inquires about it
If you mean that eval() is not replaced by another function on the screen even if you have set the corresponding option on the Settings tab - that is by design.
The eval() is replaced in the buffer, before compiling the script.
If the option "Replace eval() with XYZ" is set on the Settings tab, the following will happen:
- a function XYZ() is created in the callback DOM object, with the same function body as the callback for document.write()
- all calls to eval() will be redirected to function XYZ()
Why is eval() not simply replaced by document.write()?
Well, that can be detected from inside the script, and can be used to prevent the script from compiling (a kind of anti-debugging technique).
Why can one set a name for the callback function on the Settings tab?
This is also to prevent anti-debugging.
If the name of the function were hardcoded, the script could detect that it is being executed inside Malzilla, so it could prevent the compilation.
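The rewrite described in the reply above, sketched as an added example (not Malzilla's code and not part of the original thread): eval() call sites are renamed in the source buffer to an analyst-chosen hook that shares its body with the document.write() callback, so the decoded layer is recorded instead of executed. The names `redirectEval`, `analyze`, `k3_out` and the sample script are hypothetical, and the plain regex rewrite is a simplifying assumption.

```javascript
// Added example; all names here are hypothetical, not Malzilla's API.

// Rename bare eval( call sites in the source buffer to the chosen hook name.
// Assumption: a plain text rewrite; it leaves obj.eval( and myeval( alone
// but does not understand strings or comments.
function redirectEval(source, hookName) {
  if (!/^[A-Za-z_$][\w$]*$/.test(hookName)) {
    throw new Error('hook name must be a valid identifier');
  }
  return source.replace(/(^|[^\w$.])eval(\s*\()/g,
    (match, before, paren) => before + hookName + paren);
}

// Run the rewritten buffer with document.write and the hook bound to the
// same capture callback, so a decoded layer is recorded, not executed.
// Function() is not an isolation boundary; SAMPLE below is constructed and benign.
function analyze(source, hookName) {
  const captured = [];
  const capture = (text) => { captured.push(String(text)); };
  const rewritten = redirectEval(source, hookName);
  const run = new Function('document', hookName, rewritten);
  run({ write: capture }, capture);
  return { rewritten, captured };
}

// Constructed sample: builds a string at run time and hands it to eval().
const SAMPLE =
  'var s = String.fromCharCode(104, 105);\n' +
  'eval("document.write(\'" + s + "\')");';

// The hook name is chosen per session rather than fixed in the tool.
const result = analyze(SAMPLE, 'k3_out');
console.log(result.rewritten);
console.log(result.captured);
```

The captured string is the next layer of the script; feeding it back through `analyze` peels one more layer.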