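/**
 * Rebuilds a copy of `str` one bit at a time using DOM node references.
 *
 * The returned string has no direct data dependency on `str`. Each bit reaches
 * the output only through the branch taken in encodeBit() and the
 * hasChildNodes() answer in decodeBit(); the characters themselves are
 * assembled from constants.
 *
 * NOTE(review): for anyone evaluating a taint tracker against this sample, a
 * tracker that propagates labels only along explicit data flow will report the
 * result as untainted. Catching it requires tracking control dependencies on
 * `str`, or carrying taint on the node references returned by encodeBit().
 *
 * Only the low 8 bits of each UTF-16 code unit are processed, so code units
 * above 0xFF come back truncated to their low byte.
 *
 * @param {string} str - a String object to launder
 * @param {string} root_id - identifier of the DOM element to be considered as
 *     root. The root must have no children.
 * @returns {string} the laundered String object
 */
function leakConditionalNavigation(str, root_id) {
  // All working variables are declared locally. The original assigned to
  // undeclared names, which creates globals in sloppy mode and throws a
  // ReferenceError in strict mode or in an ES module.
  var leak = "";
  var leakRoot = setup(root_id);
  var i, j, b, p, bit;

  for (i = 0; i < str.length; i++) {
    b = 0x00;
    for (j = 0; j < 8; j++) {
      // Bit j of the code unit selects which node reference comes back...
      p = encodeBit((str.charCodeAt(i) >> j) & 0x01, leakRoot);
      // ...and the bit is recovered from a structural property of that node.
      bit = decodeBit(p);
      b = b | (bit << j);
    }
    leak = leak + String.fromCharCode(b);
  }
  return leak;
}

/**
 * Prepares the root element by giving it exactly one (empty) child.
 *
 * After this call the root has child nodes and its first child does not,
 * which is the distinction decodeBit() relies on. If the root already had a
 * first child that itself has children, a zero bit would decode as one; this
 * is why the root must start out empty. Each call appends another <div>.
 *
 * document.getElementById() returns null for an unknown id, in which case the
 * appendChild call below throws a TypeError.
 *
 * @param {string} root_id - identifier of the DOM element to use as root
 * @returns {Node} the root element
 */
function setup(root_id) {
  var root = document.getElementById(root_id);
  var div = document.createElement("div");
  root.appendChild(div);
  return root;
}

/**
 * Maps a bit to a node reference: the root for a truthy bit, the root's first
 * child otherwise.
 *
 * @param {number} bit - the bit to encode (0 or 1)
 * @param {Node} leakRoot - the root element returned by setup()
 * @returns {Node} leakRoot when `bit` is truthy, else leakRoot.firstChild
 */
function encodeBit(bit, leakRoot) {
  // The original also assigned to an undeclared `pointer` and had an
  // unreachable trailing return; both are dropped here.
  if (bit) {
    return leakRoot;
  }
  return leakRoot.firstChild;
}

/**
 * Recovers a bit from a node reference produced by encodeBit().
 *
 * @param {Node} p - node returned by encodeBit()
 * @returns {number} 1 if `p` has child nodes, 0 otherwise
 */
function decodeBit(p) {
  return p.hasChildNodes() ? 1 : 0;
}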