Weird code gets added to messages - What does it mean?

Hi there,

I recognized that some wired code gets added to some of my messages. For example when I contacted a support team from a WP Plugin then the code gets added on top. Also it gets added inside the WP Elementor Plugin, when I will edit some text. And finally it is visible on top of a form I created in Wordpress.

This is the code:

var spector; var captureOnLoad = false; var captureOffScreen = false; window.__SPECTOR_Canvases = []; (function() { var __SPECTOR_Origin_EXTENSION_GetContext = HTMLCanvasElement.prototype.getContext; HTMLCanvasElement.prototype.__SPECTOR_Origin_EXTENSION_GetContext = __SPECTOR_Origin_EXTENSION_GetContext; if (typeof OffscreenCanvas !== 'undefined') { var __SPECTOR_Origin_EXTENSION_OffscreenGetContext = OffscreenCanvas.prototype.getContext; OffscreenCanvas.prototype.__SPECTOR_Origin_EXTENSION_OffscreenGetContext = __SPECTOR_Origin_EXTENSION_OffscreenGetContext; OffscreenCanvas.prototype.getContext = function () { var context = null; if (!arguments.length) { return context; } if (arguments.length === 1) { context = this.__SPECTOR_Origin_EXTENSION_OffscreenGetContext(arguments[0]); if (context === null) { return context; } } else if (arguments.length === 2) { context = this.__SPECTOR_Origin_EXTENSION_OffscreenGetContext(arguments[0], arguments[1]); if (context === null) { return context; } } var contextNames = ["webgl", "experimental-webgl", "webgl2", "experimental-webgl2"]; if (contextNames.indexOf(arguments[0]) !== -1) { // context.canvas.setAttribute("__spector_context_type", arguments[0]); // Notify the page a canvas is available. var myEvent = new CustomEvent("SpectorWebGLCanvasAvailableEvent"); document.dispatchEvent(myEvent); this.id = "Offscreen"; window.__SPECTOR_Canvases.push(this); if (captureOnLoad) { // Ensures canvas is in the dom to capture the one we are currently tracking. if (false) { spector.captureContext(context, 500, false, false); captureOnLoad = false; } } } return context; } } HTMLCanvasElement.prototype.getContext = function () { var context = null; if (!arguments.length) { return context; } if (arguments.length === 1) { context = this.__SPECTOR_Origin_EXTENSION_GetContext(arguments[0]); if (context === null) { return context; } } else if (arguments.length === 2) { context = this.__SPECTOR_Origin_EXTENSION_GetContext(arguments[0], arguments[1]); if (context === null) { return context; } } var contextNames = ["webgl", "experimental-webgl", "webgl2", "experimental-webgl2"]; if (contextNames.indexOf(arguments[0]) !== -1) { context.canvas.setAttribute("__spector_context_type", arguments[0]); // Notify the page a canvas is available. var myEvent = new CustomEvent("SpectorWebGLCanvasAvailableEvent"); document.dispatchEvent(myEvent); if (captureOffScreen) { var found = false; for (var i = 0; i < window.__SPECTOR_Canvases.length; i++) { if (window.__SPECTOR_Canvases[i] === this) { found = true; break; } } if (!found) { window.__SPECTOR_Canvases.push(this); } } if (captureOnLoad) { // Ensures canvas is in the dom to capture the one we are currently tracking. if (this.parentElement || false) { spector.captureContext(context, 500, false, false); captureOnLoad = false; } } } return context; } })()

I also send a screenrecoding from the code, so that you can read it better:

Is anyone familiar with this code?

What does it mean and how can I get rid of it?

Thanks for help!

Does no one have any idea what this code does and why it keeps popping up?

Thanks a lot for answers!

Do you have any plugins/extensions on your browser?

@skaparate Thanks for your reply! I have plugins on some browsers, but I tested it with a few different browser and some of them have no plugins at all.

You can check the issue here. There you can see the weird code that gets added to the form. There are also some errors in the console, but I am not sure how to solve them.

Thanks for help!!

I’m not entirely sure, but I’m inclined to say it’s some kind of virus.

Can you scan your website for virus? WordPress, specially if you allow people to upload files to it, can be very vulnerable.

You could search the website files (WordPress core files) for a specific string, like this: HTMLCanvasElement.prototype.__SPECTOR_Origin_EXTENSION_GetContext

That could give you some idea of what is injecting that code. If you download the files, scan them with an antivirus and make sure they’re isolated (use sandboxie, for instance, or a VM without access to your Host OS)

1 Like

@skaparate Thanks for your reply!

Actually it was some kind of malware and another Dev helped me to get rid of it. However it is still somewhere inside the system because I can see that similar code gets automatically added into Elementor (page builder plugin).

I dont have any idea what is the purpose of this virus and can it actually effect my operating system as well? I also dont know how to delete this virus completely.

For now the website looks normal, I just get this annoying code added into a text editor in Wordpress. Is there anything I can do without spending days to fix it?

Btw, there is no upload option on the Website, but there are some contact forms without a reCapture, probably the virus was injected through a contact form…

Right, I can see from another thread you’ve made that you’re using threejs. Are you using the Spector.js extension in your browser to inspect that or have you installed it at some point (there are Chrome & Firefox plugins)?

That’s not a virus, it’s just the error messages from the Spector.js extension when it tries to access something that isn’t a WebGL scene. IIRC (I used it when I was doing some threejs and babylonjs stuff) it interacts really badly with some website code, I think to do with how it sends messages/events

The extension is emitting events. Some textarea or whatever has an event listener attached to it that is picking up those events. That’s all. Something, either Spector or the WP plugin (edit: TinyMCE is the common thing that is picking the events up here) , is maybe not that cleverly coded :man_shrugging:t3:. I would very strongly suspect (from using it) that the issue is Spector but I dunno

Just disable the extension and the messages will go away

Google will give you lots of results, but basically every single one will be when this has happened to someone when they’ve been writing a WP or a forum post and they’ve hit publish without realising the post is basically all that garbage

1 Like

Oh I just stumbled again through this thread and wanted to answer even if it is already two months ago.

Actually it does not come from Spector.js because I dont use this extensions and it is not only visible for me, also other people can see it. Now its gone on the frontend, but I can still see it when I edit the paragraph text in the WP backend with Elementor.

Unfortunately I still couldn´t figure it out how to get rid of it and what exactly it is. However I will let you know when I got a solution.

Here some screenshots how it looks inside of Elementor:

The Code:

<script type="text/javascript">
    var spector;
    var captureOnLoad = false;
    var captureOffScreen = false;
    window.__SPECTOR_Canvases = [];

    (function() {
        var __SPECTOR_Origin_EXTENSION_GetContext = HTMLCanvasElement.prototype.getContext;
        HTMLCanvasElement.prototype.__SPECTOR_Origin_EXTENSION_GetContext = __SPECTOR_Origin_EXTENSION_GetContext;

        if (typeof OffscreenCanvas !== 'undefined') {
            var __SPECTOR_Origin_EXTENSION_OffscreenGetContext = OffscreenCanvas.prototype.getContext;
            OffscreenCanvas.prototype.__SPECTOR_Origin_EXTENSION_OffscreenGetContext = __SPECTOR_Origin_EXTENSION_OffscreenGetContext;

            OffscreenCanvas.prototype.getContext = function () {
                var context = null;
                if (!arguments.length) {
                    return context;
                }
    
                if (arguments.length === 1) {
                    context = this.__SPECTOR_Origin_EXTENSION_OffscreenGetContext(arguments[0]);
                    if (context === null) {
                        return context;
                    }
                }
                else if (arguments.length === 2) {
                    context = this.__SPECTOR_Origin_EXTENSION_OffscreenGetContext(arguments[0], arguments[1]);
                    if (context === null) {
                        return context;
                    }
                }
    
                var contextNames = ["webgl", "experimental-webgl", "webgl2", "experimental-webgl2"];
                if (contextNames.indexOf(arguments[0]) !== -1) {
                    // context.canvas.setAttribute("__spector_context_type", arguments[0]);
                    // Notify the page a canvas is available.
                    var myEvent = new CustomEvent("SpectorWebGLCanvasAvailableEvent");
                    document.dispatchEvent(myEvent);
                    this.id = "Offscreen";
                    window.__SPECTOR_Canvases.push(this);
    
                    if (captureOnLoad) {
                        // Ensures canvas is in the dom to capture the one we are currently tracking.
                        if (false) {
                            spector.captureContext(context, 500, false, false);
                            captureOnLoad = false;
                        }
                    }
                }
    
                return context;
            }
        }

        HTMLCanvasElement.prototype.getContext = function () {
            var context = null;
            if (!arguments.length) {
                return context;
            }

            if (arguments.length === 1) {
                context = this.__SPECTOR_Origin_EXTENSION_GetContext(arguments[0]);
                if (context === null) {
                    return context;
                }
            }
            else if (arguments.length === 2) {
                context = this.__SPECTOR_Origin_EXTENSION_GetContext(arguments[0], arguments[1]);
                if (context === null) {
                    return context;
                }
            }

            var contextNames = ["webgl", "experimental-webgl", "webgl2", "experimental-webgl2"];
            if (contextNames.indexOf(arguments[0]) !== -1) {
                context.canvas.setAttribute("__spector_context_type", arguments[0]);
                // Notify the page a canvas is available.
                var myEvent = new CustomEvent("SpectorWebGLCanvasAvailableEvent");
                document.dispatchEvent(myEvent);

                if (captureOffScreen) {
                    var found = false;
                    for (var i = 0; i < window.__SPECTOR_Canvases.length; i++) {
                        if (window.__SPECTOR_Canvases[i] === this) {
                            found = true;
                            break;
                        }
                    }
                    if (!found) {
                        window.__SPECTOR_Canvases.push(this);
                    }
                }

                if (captureOnLoad) {
                    // Ensures canvas is in the dom to capture the one we are currently tracking.
                    if (this.parentElement || false) {
                        spector.captureContext(context, 500, false, false);
                        captureOnLoad = false;
                    }
                }
            }

            return context;
        }
    })()</script>

Sorry to necro this thread but I’d forgotten all about it & it popped up below another reply from a different thread:

You may have manually installed it but it’s extremely likely that you’ve implicitly installed it; ie it’s a dependency of one of the Wordpress extensions. So you need to debug there (stat by figuring out which on has it as dependency, then figure out how to disable it). This is 100% a bug caused by Spector, it is absolutely not a “virus”, and if it is a WP extension it’s only “malware” in the sense that you’re using badly coded WP extensions somewhere.

1 Like

Thanks for your answer, I still was not able to fix it.

What do you mean by Spector?

If you are right then the easiest way would be to deactivate the plugins one after another and check if the issue will disappear. Then I know what plugin is causing the issue and need to install an alternative.

I will try to do that as soon as I have some time to debug…

Spector is a tool used for debugging a technology called WebGL. I can’t say this for sure, but it looks very much like the developer of one of the extensions you are using (or a dependency of the extension, or a dependency of that, etc, you get the idea) has used spector for whatever reason. Possible places to look at would be any extension that uses maps or graphs or fancy visual effects.

I am guessing that the code using it has been included in the extension by accident. It shouldn’t be there (it’s a development tool), but the end result is that it’s attaching that debugging script call to your code. Then when you run the code, it’s interacting very badly with (I think) the tinyMCE editor.

The reason I think this is the case is that if I Google for the issue, I don’t get useful results. What I get are lots and lots of results which look very much like people publishing Wordpress posts (or the WP systems they’ve set up publishing them automatically?) on setups with this (what I assume to be) bugged extension. The majority the results are just Wordpress posts with this garbage as the body of the post. In addition, most of the links are dead links, which makes it look like people have published, had the post indexed by Google, then realised that they’ve published garbage by accident & gone back and fixed it.

First port of call would be to make sure everything is fully up to date – the overall WP install, then every extension/plugin. Then try to find the code for the extensions you’re using: grep your code, look for any reference to Spector so that you can identify what’s doing this.

Then, if you still get the issue, look at anything to do with maps, disable that first, check. Then graphs, disable, check. Then fancy visual effects, disable, check. If you’re still getting the issue, it’s going to just be a case of painfully working through the setup disabling and reenabling.

This topic was automatically closed 182 days after the last reply. New replies are no longer allowed.