Poker Texas
Poker Texas
Explore posts from servers
CDCloudflare DevelopersPPrisma
PostsComments
CDCloudflare Developers
Created by Poker Texas on 12/21/2023 in #general-help
Production Website pages with cloudflare turnstile run script from "challenges.cloudflare.com".
I work as developer for a big company and in production when i visit website and open developer tools, a worker runs and run a script from "challenges.cloudflare.com". A file pops up in developer tools for a second and then disapear called "VM5" and only contains one line of code saying "debugger". the worker script from "challenges.cloudflare.com" runs 
onmessage = function(e) {
    if (e.isTrusted && "" === e.origin && null === e.source) {
        eval(e.data);
    }
};
onmessage = function(e) {
    if (e.isTrusted && "" === e.origin && null === e.source) {
        eval(e.data);
    }
};
. Where e.data is equal to 
"postMessage({ hYzg3:'removed_code_if_sensitive'});eval('debugger');postMessage({ hYzg3:'removed_code_if_sensitive'});"
"postMessage({ hYzg3:'removed_code_if_sensitive'});eval('debugger');postMessage({ hYzg3:'removed_code_if_sensitive'});"
. Should this file really appear in production? The website uses wpforms with cloudflare turnstile.
1 replies