PC World Malicious HTML In E-Mail Increases: Defense "Turn Off"?
Sep 27, 2010
This article was just published on [URL].. As I read it this is about a new twist to an old issue. (see excerpts below) 1 - I thought JavaScript was in a "sandbox" and prevented inappropriate access to the local machine. Is this no longer true?
2 - More to the point: Can or are any modifications to JavaScript be done by the JavaScript development team... who ever that is (Oracle?)... to fix what ever JavaScript vulnerabilities are being exploited?
3 - Are there other defenses for the client machine other than those mentioned in the excerpt below? (Turn off JavaScript in their browsers, etc.) 4 - If there is no vigorous response to this by the JavaScript development team how can we continue to create apps with JavaScript as such will encourage people to simply turn off java script in their browsers and that will encourage other web developers to simply not use JavaScript on their sites.
5 - Is Oracle the "owner" or "keeper" of javascript? I looked on the Oracle Forums and saw no forum for javascript. If not Oracle who is addressing issues like these?
Article Excerpts: More recently still, the spammers started embedding the JavaScript inside the HTML file (rather than as a simple file attachment), to spread the horrible Zeus banking Trojan.
"So yes, a seemingly innocent HTML email attachment can do plenty of damage, and while quite stealthy, definitely not harmless," concludes Barracuda Labs' researcher, Dave Michmerhuizen. The only defenses against this sort of attack are either for it to be filtered at the gateway so it never reaches the user, or for the user to disable JavaScript in their browser. Security software on the PC might catch the exploit.End Excerpt.
View 2 Replies
ADVERTISEMENT
Apr 28, 2011
how to adjust the iframe height by itself if my html height increases. My html code includes a facebook comment at the bottom of my page and the comment will show making it expand the height once users post comments. On the other hand, I'm using a CMS that have its own iframe. I've tried many solutions that can be found on the web but none works. It only can work if I don't put in CMS. Is it possible to adjust the iframe height using CMS or there is no way?
View 7 Replies
View Related
Oct 13, 2005
Is it possible to use via DOM IE's
File Menu --> Send --> Page by E-mail and Link by E-mail
feature through client side javascripting?
View 4 Replies
View Related
May 3, 2011
What I want to do is somehow get my browser version through javascript:
Code:
var browse = navigator.appName; and then mail that to myself. I can't figure out how to get that variable into php so I can email. I'm aware of the difference between client/server side, so I need to know how I could POST the value to another page or something.
View 7 Replies
View Related
Jul 13, 2011
I've seen examples of how to turn xml into html, but how can I make the html output clickable so as to be able to access the corresponding original xml element (to read its attribute values)?
View 1 Replies
View Related
Dec 1, 2011
I am creating a cookie that increases a "value" or "integer" by 1 (ie Y+1) every time any page inside my webpage. Any webpage that i put the code into. right now I need it so that when you visit a page with the code it increases the variable or "cookie" (Y) by 1. when Y reaches a certain number, I.E 10, it resets Y to "0" and redirects you to a URL. Please explain where each value would go in any replies. EX: when opening the menu of an iPod game it asks you to rate the game, saying remind me later resets the value to "0" and saying rate now, resets to "0" but does not keep counting on the next page.
[Code] .....
View 7 Replies
View Related
Apr 1, 2011
I have this case:1) A #box that works as a container, it has overflow:hidden and position:relative.2) A #dynamic div that is inside of the #box, it has a padding:0 that gives it a height greater than its parent, it has position:absolute3) Inside the #dynamic div there are a random quantity of divs with the class of .item. There are two anchors, one anchor when clicked increases the top position of the #dynamic by 100px, the other anchor does the opposite.This is the code I tried:The problem with my code, is that when the anchor is clicked it only changes to 100px the value of the top position, instead of increasing its value by 100px each time it is clicked.By the way, the #dynamic div must always be in sight within #box, to prevent that many clicks send too far the position of the #dynamic. Making a big hole in the design.
View 2 Replies
View Related
Jan 3, 2010
I have a bit of coding that is keeping me up at nights because of it's damn stubborness. All I want to do is pop-up an Alert that says Hello World.
I'm new to coding period so I'm writing verbatim dummies javascript book examples.
Here is the code for the script:
Okay I've done this code , and variations and only have ended up with the same message in firefox "syntax error""quirks mode".In IE 8 I get messages to cryptic to understand.
So what gives? Where is my error in syntax?The code makes sense to me, and I'm following XHTML conventions.:
View 5 Replies
View Related
Jan 27, 2006
AIUI, it was not all that long ago when the threat to personal users,
was attachments that when executed compromised machines with keyloggers,
trojans, etc.
Now it seems that the big problem is reading a webpage or an HTML e-mail
and getting affected through the scripting. My understanding is that
the script downloads the malicious program from the web and sets it to
run on start up through the start-up folder or in the registry.
I don't know much about this; can someone suggest a good web site to
start learning a bit more about these threats. I have googled, but I am
not quire sure of the best search terms, and since there is so much
information out there, a site that experienced people endorse would be a
lot of help.
In particular, it seems as if JavaScript dowloading a trojran without
the user clicking an attachment is a big problem.
View 28 Replies
View Related
Jun 22, 2010
How I would output the day as well in this
[url] world clock example?
View 6 Replies
View Related
Feb 10, 2011
I have a website that allows users to enter complex mathematical formulas into a text field and evaluates them.
I am currently using eval() because it not only can handle all the standard mathematical functions, but also gives them access to the Math object. That way the users can use functions such as Math.max() and everything else.
I realize, though, that using eval is evil, I assume because a malicious user might throw in some more damaging javascript that would be run without checking it. (That's why eval is evil, right?)
Is there a way that I can allow my users to construct complex mathematical formulas and use the Math object (or an equivalent) without potentially opening my site up to harm?
View 3 Replies
View Related
Jun 14, 2006
This is an article discussion thread for discussing the SitePoint article, "The JavaScript Library World Cup"
View 24 Replies
View Related
Nov 11, 2009
Besides malicious intent, why would someone disable javascript for general web browsing?
View 24 Replies
View Related
Mar 5, 2010
So today I have discovered some malicious JavaScript code inserted into a bunch of my pages on a webserver. Access to these pages through FTP is granted to 3 people, myself, my boss, and a contract programmer. Unfortunately, the FTP server wasn't set to log, so I can't tell for sure if it was the programmer, but my assumption and suspicion is that it was him.
This code was inserted at the bottom of multiple pages. I can't make heads or tails of it, but it cannot be good, whatever it is. When I view the page that it was on, I noticed the web browser connecting to [url]. Browsing to this page takes you to some foreign hosting site. Googling superseasilver.ru only provides a page that has this address listed in a blacklist.
Code below:
View 9 Replies
View Related
Sep 23, 2011
Can a plugin stop some malicious scripts to be executed?
Say, i have my plugin installed in my browser. Can this plugin go through the html contet of the site and stop the execution of activeX, action scripts, flash, pdf anything like that?
View 2 Replies
View Related
Feb 14, 2011
I hope this is relatively simple. I've looked around for the answer, but I thin think the search terms (update onchange event) are a bit too common...
document.getElementById("tester").innerHTML= "hello";
document.getElementById("tester").onmouseover = "alert('hello')";
You see I'm trying to change an event like I'd change a property. The first will change the text to hello. I'd like the second to change the onmouseover event to display a hello world alert... but it doesn't seem to do anything.
View 12 Replies
View Related
Dec 2, 2010
In this program my basic intention is that as soon as the page loads, an alertbox will be called displaying the ALT value of image.
<!DOCTYPE html PUBLIC
This is my test page.
It doesn't work. When i used plain javascript alert function in body tag with onload event, it worked well.
This (code) implementation just shows the text in strong tag and the image. There is no messagebox displaying the alt message. Please tell me where I'm wrong. I've already downloaded the jQuery library and it lies in the same folder as this code.
View 1 Replies
View Related
Feb 26, 2010
Just trying to display a javascript alert and for some reason the browser is just displaying the code
I have put the following into a file called test.js but it is just displaying all thie code in the browser - see [url]
I am sure this is something really basic. I have tried this in Firefox and IE
Code:
View 2 Replies
View Related
Jan 28, 2010
The javascripts files in my website are constantly getting injected with malicious codes which redirects my website
View 2 Replies
View Related
Jan 6, 2007
Hi, the following snippet of HTML works fine for standard email clients
but does not do so for web based email:-
<A
HREF="mailto:someone@nodename.demon.co.uk?subject=Freecy cle%20Extension%2
0Help%20File:-%20">Contact Me</A>
Is there a script that would ensure that I can compose an email complete
with address, subject line and some body text that will indeed work with
gmail, hotmail and so on please?
View 7 Replies
View Related
Jul 20, 2005
I'm would like my app to send a preformatted email(with subject and
body) everytime a user pushed a button, like : onclick "
mailto:this@that.com" , without the user seeing anything, i.e. not
being able to edit the message.
Using php, this is very simple; mail("this@example.com", "Subject",
"Line 1
Line 2
Line 3");
is there a way to do this the same, easy way using javascript?
View 4 Replies
View Related
Jul 20, 2005
how can I write a Javascript for a HTML form which when filled will send
an email to the defined email address in the JS code.
View 4 Replies
View Related
Aug 16, 2011
I am having trouble sending a mail using jQuery and PHP.
The problem is that I don't receive the email which is supposed to be send after clicking the send button. (no really)
Firebug and webdevelopment console in firefox 5 does not give an error anywhere.
I think it is in my PHP file, since after the ajax post in jQuery, it does execute the success function, so I guess that it does reach the php page. code...
View 1 Replies
View Related
Sep 3, 2009
I use this code to validate e-mail addresses:
// checks if the e-mail address is valid
var emailPat = /^(".*"|[A-Za-z]w*)@([d{1,3}(.d{1,3}){3}]|[A-Za-z]w*(.[A-Za-z]w*)+)$/;
var matchArray = formSignup.txtEmail.value.match(emailPat);
if (matchArray == null)
[Code]...
What i noticed today, is if a customer registers with an e-mail like: something.something@hotmail.com the first dot throws up the error, i'm not to great on regex
View 3 Replies
View Related
Apr 15, 2011
Pardon me for asking a basic question. I basically need a pointer to an example or ways to learn this -- including an editor I should use for scripting. I would like to do the following:
Divide a window into 3 panes; Display & manage messages in one pane; Each message has a unique subject line; Each message can be opened or deleted or forwarded.
View 2 Replies
View Related
Nov 16, 2005
Is there a simple code that I can use in my form that will get the e mail address from the person and send them an e mail? i have the part where they enter the e mail address. I just don't know where to go from there in the javascript. Any clue??
View 3 Replies
View Related
