As most Javascript coders probably know by now, IE on Windows XP SP2 likes
to prevent our code from running right away (the user is asked to give
permission the first time). Although I can see the danger in allowing all
scripts to run, the fact that IE makes it sound like we are going to install
some huge, horrible application when we are simply adding rollovers or
client-side validation or some other simple little thing really frustrates
me. Specifically what stuff does IE block? Does it check for certain methods
in the script? Does it block everything until you say it's OK? What can
places do to allow their scripts to be run without the need to be validated
by the user? I have heard about "Signed Scripts", but I feel that it would
be hard to modify and develop when a script had to be "Signed" every time.
Any comments?
I have been using this trick for some time on a home page. The idea is to verify the user's browser has Javascript enabled before allowing the user to access a logon page. The NoJavascript.html page has instructions for turning on Javascript.
A Windows/ME PC using IE 6 now consistently goes to the NoJavaScript.html page when the button is clicked even though Javascript is enabled.
This has been working for several months and continues to work with IE 6 on Windows/XP and other browsers such as Firefox, Opera, etc.
I think the problem is related to the W/ME PC installing the IE 6 Cumulative security Update SP1 (KB896727). Has anyone else encountered a similar problem and found a solution?
I was wondering if using Javascript to redirect a user, on the client side, to different pages depending on what they entered was insecure. I do not want the user to be able to view the source of the page. I am having the user enter in some input using the input dialog box and then using a window.location redirection based on their input. Is it possible to view the source of a page after the input box has closed but before the new page has loaded, ie. while the browser is requesting the new page?
I am looking for the official javascript security specification for web browsers. EMCAScript and DOM spec does not seem to contain a section on security, so I assume none exists and the security policies are implemented as the vendor pleases. If so, do security specs for IE and Mozilla exist?
and with it the developer can trick users into going to or downloading files different from what the user expects.
I recently discovered that you can spoof the status bar in any Javascript enabled browser by the following method, and I'd like to know:Is it a real security flaw?If not, how is it less dangerous than the above method?If so, do I get bragging rights for discovering it, or is it already known? Code:
What I'm trying to do is put my favorites online so that I can access them from any computer. A friend of mine does this, but he's just relying on it not being bookmarked by anyone and not having his email and being in an obscure directory on his website. I'd like to take it a bit further for myself.
I had considered that the file would be something simple like f.html. f.html would get user input, from me, as a "password". However, the code would not validate the proper password (readable by a smart person) but the password would instead be a directory name. The javascript in f.html would then concatenate the variable received into a string that would be the name of the .js file to include (stuck out in some obscure directory). The included file would then proceed to write all the links. Code:
Certain links (using IE) that are meant to open a javascript window don't seem to work on my system. That is, the window appears and disappears in a flash. Of course I have disabled my pop-up stopper. Any suggestions?
i'm using IE 6.0.2800 and in the last month no matter which site on the net each link to a javascript window opens up and crash a sec after its not the pop-up blocker i checked this out already.
How do I deactivate a window using Javascript. For example if I have a window that opens up another window, how do I prevent the user from clicking (doing anything) in the original window until the new window has been closed.
I'm working on controlling Windows Media Player with JavaScript. I have all my functions working but a few. I want to sync the movie so that when it finishes the movie it loads the new one.
Now I was thinking of doing something like:
function PlayNext(movie) { if( Player.controls.currentPosition == Player.controls.duration ) { // execute code to load next movie } } I have that function being called every half second and I still can't get it to sync.
In pre-Windows XP Internet Explorer, adding a bookmarklet for a user was really simple. All I add to do was create a link that executed addFavorite().
Internet Explorer under Windows XP won't allow that due to its new security measures.
How can I make adding a bookmarklet convenient for my Windows XP IE users without having them to do surgery on their security preferences?
Right now I'm having them Ctrl-D to add a new bookmark. Right-click the new bookmark to get the Properties dialog, and then pasting in the contents of my bookmarklet. This is quite messy as you can imagine. In addition, when they save the bookmarklet, they have to hit "Yes" to an error box telling them that "javascript:" does not have a registered program associated with it, do they want to save the bookmark anyways?
below is clickunder code , but it open under windows when visitor click everywhere on the pagei need it be speacial for links , whenever visitor click on speacial link , it opens windows
<SCRIPT LANGUAGE="Javascript"> function PopShow3() { CookieTest=navigator.cookieEnabled; if(CookieTest)
This pops up a new window with every call. In the child window I call a parent function onbeforeunload, appClose() :
function appClose(){
if (window.opener && !window.opener.closed){ window.opener.CloseChild(getQueryString("application")); }}
This is in my frameset tag of the child code :
<frameset ... onbeforeUnload='appClose()'>
The window.opener.CloseChild() function is called perfectly when I have one child window open, but as soon as I create another child window both of the open child windows don't ever call it. They do both go into the onbeforeunload appClose() function, but do not call the window.opener.CloseChild() function inside of this routine.
Anyone have any ideas why when I have two child windows open I can't access the window.opener functions?
I have tried taking each new window out of the array and used the following code in CloseChild() :
I have an application which runs with secure access. User logs in, uses the services, and logs out. After logging out, if the user click the back button, it actually takes them to that page. How can I prevent this?
Is there a way, that if the person clicks the back button or access a browser history, how can I make sure that the latest page is displayed instead of just the cache. Or, clicking the back/history should refresh that page.
I have a intranet site that allows users to log in and get excel reports. The user clicks the name of the report and it opens it from a folder for that user. Easy enough. The problem is that the path of the folder for that user is displayed in the Status Bar when it is being downloaded. I've discovered that users are grabing that path, changing the folder name, and can then access other folders. I don't want that to happen.
I'm working on an html form that will be launched from within another application, but every time it launches the form none of the JS coding works because of the stupid IE security. If I launch the form from outside the application I just have to select "allow blocked content" from that stupid information bar that says "to help protect your security IE has restricted the webpage from running scripts...."
I added the application site to our trusted sites and basically turned off security for that zone but it still doesn't work. Obviously there is a way to run JS without allowing the content, but I don't do enough coding to know how that is done.I need the JS to run automatically without that information bar appearing at all.
it would be easy for someone to copy the html and javascript pages to their site and then access my server pages. I don't suppose it matters much if someone did that as long as the php page had proper validation but is it possible to block someone linking to my server pages like that.
Is there a way to test for security settings in a users browser AND their firewall. Lets say someone is using zonealarm. Is there a way to test for their setting in zonealarm, so I can then redirect them to a specific page.
The reason I am asking is that I have a flash front page. A user cannot see the page because he has his security settings set so that he does not see activex controls. I want to be able to test for those settings then redirect him to a static page.
I am writing a script that uses xmlhttp.open, when i attempt to open a protected page I get the login prompt for my htpasswd. Is it possible to detect if there is a login requirement before the login prompt and if there is a login just do something else? I can use xmlhttp.status and check for 200 but if I do this then it would happen after the login prompt.
I have a webpage in which my users complete a form in order to get through to page 2. I cannot use PHP to check as it must be on-the-fly checking.My idea was like the following:
<script type="text/javascript"> function check(x) {[code]...
And for the images to actually be PHP files that check further details of the user and insert details to DB. Then when the user clicks the next button it will check to see if all 4 users have loaded under that users details.However, I would much prefer it if I could use more PHP as I'm a Javascript n00b. Preferably I would like to use PHP to create unique keys for the images so that once I have obfuscated the javascript code the user will not figure out how to cheat the system even if they manage to reverse engineer the code.
E.g. <?php $pic = "picture.jpg"; ?>[code]...
Or is this not at all possible?
Edit: I know how much simpler that first script could have been, was just trying to simplify from my double as messy full script which will probably confuse you even more!!!
I have a textbox in which users can enter some text. And after entering this text I show it for them with help of innerHTML. ( befor it - I replace smiles with <img> tag ) I'v tried to enter some JavaScript there, and have found that it is not working. The question is how safe is that?
