Re: Pop-up window<Javascript?>
by "Darrell King" <darrell(at)webctr.com>
Nice list. All of the JavaScript exploits except the Hotmail one seem
relegated to 4.x era browsers, but I am sure that the new generation of
browsers will leave something unprotected somewhere.
Still, while I don't encourage using JS for mission-critical functions
without a non-JS backup, it is true that most of my clients are not
interested in document repositories or data archives. They want Web-based
TV commercials, consumer-grabbing Wow! -glitter and similar extras dependent
upon JS. I will provide them, or I'll have to go hunting for a job at the
Library of Congress or somewhere where white pages and black text are the
uniform of the day...:).
I don't think having JS enabled for email is a good idea, myself...I prefer
boring, plain text email...but I am not against it being used for
client-side scripting in Web pages as long as the appropriate alternatives
are available.
D
----- Original Message -----
From: "James Roberts" <jamiergroberts(at)hotmail.com>
Hi there:
Reasonable syllogism? I reckon. Now to evidence: obviously, there are no
current exploits I can point out. But here's a few pointers to historic
exploits, current discussion and even a couple of h4ckerz sites (careful!
I'll indicate which they are)...
http://www.w3.org/Security/Faq/wwwsf2.html#CLT-Q8
http://www.anovember.com/present/security/browser_risks_javascript.shtml
http://mivo.truxoft.com/art0008.htm
http://www.guninski.com/java1-desc.html
http://www.cs.princeton.edu/sip/faq/java-faq.php3
http://www.wired.com/news/infostructure/0,1377,41608,00.html
http://kmself.home.netcom.com/Rants/javascript-rant.html
http://www.zdnet.com/products/stories/reviews/0,4161,2341488,00.html
http://www.pchell.com/virus/brownorifice.shtml
http://www.theregister.co.uk/content/8/19438.html
*H4ackerzites - caution, often I get attempts to lay a trojan on me at these
sites and similar ones... YOU HAVE BEEN WARNED (but these are OK I think -
just don't click on anything, huh?)*
http://www.nsclean.com/axtest.htm
http://www.newfangled.san-jose.ca.us/Hacking%20WinMe/why_msie_5.html
HTML: hwg-basics mailing list archives,
maintained by Webmasters @ IWA