Using Javascript For Moderate Security .js Included

May 29, 2006

What I'm trying to do is put my favorites online so that I can access them from any computer. A friend of mine does this, but he's just relying on it not being bookmarked by anyone and not having his email and being in an obscure directory on his website. I'd like to take it a bit further for myself.

I had considered that the file would be something simple like f.html. f.html would get user input, from me, as a "password". However, the code would not validate the proper password (readable by a smart person) but the password would instead be a directory name. The javascript in f.html would then concatenate the variable received into a string that would be the name of the .js file to include (stuck out in some obscure directory). The included file would then proceed to write all the links. Code:

View 2 Replies


ADVERTISEMENT

Security Of Javascript

Jul 20, 2005

I was wondering if using Javascript to redirect a user, on the client
side, to different pages depending on what they entered was insecure.
I do not want the user to be able to view the source of the page. I
am having the user enter in some input using the input dialog box and
then using a window.location redirection based on their input. Is it
possible to view the source of a page after the input box has closed
but before the new page has loaded, ie. while the browser is
requesting the new page?

View 2 Replies View Related

Javascript & Windows XP SP2 Security

Jul 23, 2005

As most Javascript coders probably know by now, IE on Windows XP SP2 likes
to prevent our code from running right away (the user is asked to give
permission the first time). Although I can see the danger in allowing all
scripts to run, the fact that IE makes it sound like we are going to install
some huge, horrible application when we are simply adding rollovers or
client-side validation or some other simple little thing really frustrates
me. Specifically what stuff does IE block? Does it check for certain methods
in the script? Does it block everything until you say it's OK? What can
places do to allow their scripts to be run without the need to be validated
by the user? I have heard about "Signed Scripts", but I feel that it would
be hard to modify and develop when a script had to be "Signed" every time.
Any comments?

View 2 Replies View Related

Javascript Security Specification?

Aug 27, 2006

I am looking for the official javascript security specification for web
browsers. EMCAScript and DOM spec does not seem to contain a section on
security, so I assume none exists and the security policies are
implemented as the vendor pleases. If so, do security specs for IE and
Mozilla exist?

View 1 Replies View Related

Javascript Security Flaw?

Apr 28, 2005

Some may remember a security flaw in Firefox 1.0.1. It basically goes like this: HTML Code:

<a href="[TRUSTED_URL]">
<table><tr><td>
<a href="[MALICIOUS_URL]">download
</a>
</td></tr></table>
</a>

and with it the developer can trick users into going to or downloading files different from what the user expects.

I recently discovered that you can spoof the status bar in any Javascript enabled browser by the following method, and I'd like to know:Is it a real security flaw?If not, how is it less dangerous than the above method?If so, do I get bragging rights for discovering it, or is it already known? Code:

View 2 Replies View Related

Editable Combobox With Javascript (source Included)

Jul 23, 2005

This ist the source-code for an editable combobox implemented with HTML,CSS and Javascript. I have tested it with IE and Mozilla. But I don't know, if it will
work in other browsers (Opera, Konqueror, etc.) So I need your feedback... Code:

View 1 Replies View Related

Same JS File Included Twice?

Aug 15, 2005

I'm debugging a large app and one of the pages includes the same javascript file twice. Obviously, I will be removing one instance.

<script src="file.js"/>
.. a little later...
<script src="file.js"/>

Now the file contains functions, so no danger of variables being overridden, but can anyone tell me what the net effect of the above is?

Are there two versions of every function in memory?

And will it take longer for the a call from the HTML file to one of the functions to execute?

View 3 Replies View Related

JQuery :: Get The Text Included In A Div?

Jul 19, 2011

what I mainly want to do is to get the div's content and pass it in a variable. To explain what I have done until now :

I have my php file that contains the code :

<?php
$connect = mysql_connect("localhost", "...","...") or die("Could not connect to the database.");
mysql_select_db("...") or die("Could not find database <...>");

[Code]....

As I have read here, this should have done mydata="6" (is the current result)?

View 4 Replies View Related

How To Know *included* .js File Location ?

Aug 20, 2005

Simple question but google and the forum search function didn't helped me.

if I include a script on http://www.mywebsite.com/foo/index.html , say:

Code:

<script type="text/javascript" src="/include/path/myscript.js"></src>
is is possible to myscript.js to access *his own location* (here http://www.mywebsite.com/include/path/myscript.js )?

(again, I don't want http://www.mywebsite.com/foo/index.html location, but the included script location) ...

View 1 Replies View Related

Reloading Included File

Mar 3, 2007

does anyone can send me an example how to reload a div? I have an asp included file inside a div and i'd like to refresh it..

View 5 Replies View Related

Calling Functions That Were Included Through PHP?

Oct 3, 2010

I have a problem calling Javascript functions that were included through PHP. The site is written in PHP. I

View 11 Replies View Related

JS And Security.

Sep 1, 2005

According to a financial website I tried to access without javascript:
"the site uses JS for security reasons."

How would using JS improve security?

View 15 Replies View Related

Security

Jan 30, 2006

I have an application which runs with secure access. User logs in,
uses the services, and logs out. After logging out, if the user click
the back button, it actually takes them to that page. How can I
prevent this?

Is there a way, that if the person clicks the back button or access a
browser history, how can I make sure that the latest page is displayed
instead of just the cache. Or, clicking the back/history should
refresh that page.

View 8 Replies View Related

Passing A C# Variable To Included File?

Aug 31, 2010

I few sites said to (in the js file) put the varible in <%= %> these tags but thats not doing any good. Is there some other part needed to this I'm missing. The javascript I'm using is in a file I included in my VS project.

View 3 Replies View Related

Value Assigned To Button Needs To Be Included In Calculate

Jun 6, 2011

I have had a go at another calculator I am making and got stuck. I want to use the F value determined by the first toggle button in the calculation. I dont understand why the calculation wont work as it is stated in the if/else statement.

View 3 Replies View Related

Getting The Height Of The Browser Scroll Included

Sep 1, 2009

I am able to get the height of the browser w/o the scroll bar, but I need a way of getting the height of the browser with the scroll bar. How can I do this with javascript?

View 1 Replies View Related

Calling Function From Included Page?

Jul 5, 2010

I have this structure:includes/top.php : This contains <head> tags, jQUery library & functions :

<script type="text/javascript">
function makeslider()
{

[code]....

View 1 Replies View Related

Function From Included File Not Responding

Sep 8, 2010

From a click event I'm calling a javascript function if the function is written in same page it is calling, but if I include function in different page(here in selectuser.js file)

View 1 Replies View Related

Security Issue

Jul 23, 2005

I have a intranet site that allows users to log in and get excel
reports. The user clicks the name of the report and it opens it from a
folder for that user. Easy enough. The problem is that the path of the
folder for that user is displayed in the Status Bar when it is being
downloaded. I've discovered that users are grabing that path, changing
the folder name, and can then access other folders. I don't want that
to happen.

View 1 Replies View Related

Run JS In IE And NOT Get The Security Prompt?

Oct 14, 2009

I'm working on an html form that will be launched from within another application, but every time it launches the form none of the JS coding works because of the stupid IE security. If I launch the form from outside the application I just have to select "allow blocked content" from that stupid information bar that says "to help protect your security IE has restricted the webpage from running scripts...."

I added the application site to our trusted sites and basically turned off security for that zone but it still doesn't work. Obviously there is a way to run JS without allowing the content, but I don't do enough coding to know how that is done.I need the JS to run automatically without that information bar appearing at all.

View 4 Replies View Related

Ajax And Security

Aug 28, 2007

If my Ajax is set up like

html <--->ajax(js)<--->server(php)

it would be easy for someone to copy the html and javascript pages to their site and then access my server pages. I don't suppose it matters much if someone did that as long as the php page had proper validation but is it possible to block someone linking to my server pages like that.

View 4 Replies View Related

How To Abort Loading Of Dynamically Included <script>

Jan 4, 2007

I'm writing a small async webapp. in JavaScript and I'm using <script> element technique to load data. I'm usign <scriptbecause of cross domain restrictions with XmlRequest.

The problem is when I remove a element that is currently loading from DOM (with removeChild) Firefox still loads it and waits with other scripts.

What I want is to break this process and load a new data without waiting for old one.

Here is example script:

View 2 Replies View Related

SRC Parameter Not Working In Mozilla When Path Is Included

Jul 20, 2005

I normally use Mozilla 1.4 on Windows XP Pro.
As I was developing some test webpages, I discovered that the SRC
parameter doesn't seem to work when a path is used with the filename.

In one example, when I want to run a JavaScript from an external file
(i.e., not inline), I would do the following ...

<SCRIPT LANGUAGE="JavaScript" SRC="program.js"> </SCRIPT>

If "program.js" were in a different subdirectory than the .htm file
referring to it, the filename would have to be prefixed by the
pathname as follows ...

<SCRIPT LANGUAGE="JavaScript" SRC="/mydir/program.js"> </SCRIPT>

But when I ran the above from within an .htm file loaded locally into
Mozilla, it did not work. (The result was as if the above code weren't
there). However, when I ran the identical code on Internet Explorer
(v.6), it worked. Code:

View 13 Replies View Related

Test For Security Settings

Sep 1, 2005

Is there a way to test for security settings in a users browser AND
their firewall. Lets say someone is using zonealarm. Is there a way
to test for their setting in zonealarm, so I can then redirect them to
a specific page.

The reason I am asking is that I have a flash front page. A user
cannot see the page because he has his security settings set so that he
does not see activex controls. I want to be able to test for those
settings then redirect him to a static page.

View 11 Replies View Related

Security-glitch In IE Using XMLHttp?

Sep 7, 2005

It's a security setting "Access Data Sources across domains" you've
got lowered security for whatever zone you accessed the page in.

View 3 Replies View Related

Detecting Htaccess Security

Oct 5, 2007

I am writing a script that uses xmlhttp.open, when i attempt to open a protected page I get the login prompt for my htpasswd. Is it possible to detect if there is a login requirement before the login prompt and if there is a login just do something else? I can use xmlhttp.status and check for 200 but if I do this then it would happen after the login prompt.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved