XSS Remote Code Execution Vulnerability?
Oct 19, 2009I have discovered a XSS vuln in a website and I'd like to use this as a cookie grabber. If you can help, <removed>.
View 1 RepliesI have discovered a XSS vuln in a website and I'd like to use this as a cookie grabber. If you can help, <removed>.
View 1 RepliesI need to use self.scrollTo(x,y) as the last action in a js function called
by a onClick event. It seems that the scrolling actually takes place, but
the document is then scrolling back to top when js code execution has ended.
In the following example I get this effect in IE6 with the third and fourth
calls, while the first two work fine. Code:
have a select element that has a function attached via onchange. The function does some AJAX using the HTML_AJAX library.
When I use Firefox, if I select an item in the list, then the code executes in a timely manner, which means that I see lines 1 and 2 of my debugging output (displayed at the end of this posting). The code then displays a wait window. A second or so later, I see the third and final line of debugging output when the AJAX call has completed. The wait window then disappears. Yaay!
However (and you knew that this was coming even without the "IE" tag in the subject header, didn't you?), with Internet Explorer, I see no debug output nor wait window until AFTER the AJAX call has completed one second or so later. Suddenly, every line of debug output is displayed and the code is executed. Boo!
"Hold on! Are you saying that your Javascript code isn't being executed until after the AJAX call?"
This is what I am seeing with Internet Explorer! Even if I insert an alert() message in the code, I do not see it until AFTER the AJAX call has completed, even though it appears in the code before the AJAX call. Then, I see my alert() message. I do not see the wait window because it is displayed and immediately closed during the rush of code that executes after the AJAX call has completed. The whole idea of the wait window is to display while the AJAX call is working.
Here is the code for the select element:
HTML Code:
<select id="txtfieldNbNights" tabindex="4"
onblur="return ValidNbNights(this, 4, true);"
onchange="return OnNbNightsChanged(this);">
[Code]....
I'm developing with jQuery quite long right now, but recently I spotted one big problem with execution of jQuery code in Safari and Chrome. So everything is working fine in these browsers until jQuery code is placed in one page. But when using for example tabs plug-in loaded with ajax and on this loaded page exists some extra jQuery code it isn't executed.Co page is loaded but nothing is happening with code which was included. This problem doesn't exists in IE, FF or Opera. It appears only in Safari and Chrome. The same problem is when I'm loading page with $.get, $.post or $.ajax query. So it doesn't affect tabs plug-in but
overall functionality. I was checking that with latest versions of jQuery and UI today.
Subject line would seem to say it all:
How does one trigger the execution of a method within an object or any
other code/function with the setting of an object property?
More elaboration for those who want it:
Suppose we have anObjectType, with a property .description, whose value
can be a string, and the value of .description actually describes the
structure of anObjectType as a string. (The details are not important
about how the structure is described, but if you want something concrete,
think of 'anObjectType' as a DOM Node of type NODE_ELEMENT, and
..description as the property .innerHTML.)
When an instance of anObjectType is created, the value of description is
created with the instance. Indeed, the value of description may not be
set with the construction of anObjectType, but it might be added to the
prototype of anObjectType.
But the property .description is not merely read-only. Fetching the value
of .description returns the string which describes the structure of the
object in a meaningful way.
When .description is set with a value of type string, the string is
checked to see if it properly describes a legally formed structured for
anObjectType, and the instance (and only that instance) of anObjectType is
completely re-built: it might possibly be destructed and then re-
constructed, or all properties (but not methods) which involve descendant
objects are changed to conform to the described structure.
The question is, the setting of a string value of the property
..description of object anObjectType does not automatically trigger a
method/methods (or an exception??) for doing something (such as
restructing the object) as a result of the setting of an object property.
Until now I have used the javascript function eval(), wrapped it in a try / catch block and showen him the error message if the javascript code was flawed.But this comes with the problem that if there is no error the script will be executed.So what I´d like to is use the jquery function globalEval(), wrap it in a try / catch block and display the error message if the script does not run sucessfully as I have done before,BUT:if the script would execute without an error I´d like to use some kind of preventDefault so that the script would not be executed at all and instead I could show the user a message that the script passed validation.I know that the way I propose is not possible as the script has to be executed somehow so that possible errors are generated...does anyone have an idea how to do what i propose ?
View 8 Replies View RelatedI'm trying to build an image gallery and I want to shrink all the images a bit to allow for enlarging them on mouseover. I have it working fine locally, but when deployed to my server it doesn't work because the image files are still loading as the javascript executes. What I wind up with is the js using the image's alt tag's text size as the image size, which then gets resized to create a squashed image. What I want to do is preload all the thumbnail images before the the function to resize them gets called so the resize function has the proper dimensions of the images to do the transformation on. I'm using the jQuery.Preload plugin for my preloading functionality.
$(document).ready(function(){
[Code]...
My expectation of this code is that the enable_anim_resize() function will not be called until all the images are loaded, but I don't see any difference in this execution than if I just sequentially put in my resize code after the preload line and didn't use the onFinished callback for the preload method (example below:) $(document).ready(function(){ From my understanding of the documentation and examples of the preload plugin, the enable_anim_resize() function shouldn't be called until all images on the page are loaded, at which point the proper dimensions of these images should be available for correct resizing. Can anyone clue me in on what I'm missing here?
How to build the code snippet that a 3rd party would add to their website page and the corresponding remote script that draws a review badge on a site similar to how tripadvisor does it?
You can see an example here if you scroll down to the bottom: http://www.hotel-grandmajestic.cz/en/about-hotel
Here is the source from that webpage code...
I am new to javascript, I have one question, how can I use javascript to get the IP address of the remote user or remote web browser?
View 9 Replies View RelatedThe client we're building a site for recently had a server wide scan done by [UR] for PCI compliance. This was required by their banks commercial credit card service. The report came back with a "Possible blind sql injection" vulnerability warning level 4 out of 7 for the Superfish menu javascript. Anything 4 and above keeps them out of compliance. This file is for the Superfish menu. Is there a workaround for this potential issue?
View 4 Replies View RelatedIt prints 0,1,...,9, but you cannot see the word "hi". It seems that it prints "hi" then executes the listnum function. But the listnum function is placed before "hi". Could you
give me some info on order of execution?
<HEAD>
<SCRIPT language=JavaScript>
function listnum() {
i=0
do {
document.write( i + "<br>")
i++
} while(i<10)
}</SCRIPT>
</HEAD>
<BODY onload=listnum()>
hi
</BODY>
Given a page with a "header" and "main" frame, is there some way from the "header" frame to initiatere-execution of the JavaScrip/HTML code in the "main" frame? I don't want to have to reload "main".
View 4 Replies View RelatedI would like to have two actions for one event. But I want the second action to trigger when the first one action completes. Is it possible to do this in javascript? I'm using the onclick event.
View 23 Replies View Relatedis there any specific function in Javascript / jquery which delay the functionality
I use SLEEP() funciton in php to add delays .
How to know the execution time of a function? For example, which of these functions run in less time? That is, which of these functions are more weightless to run?
document.getElementById("my_image").src = "images/picture.png";
//or
document.getElementById("my_image").style.webkitTransform = "rotate(45deg)";
I would like to have two buttons on the page. When visitor clicks on first, I would like to start looping through numbers for example from 1 to 100. When loop gets to the end, I would like to start it over and stop it when user click on the next button.
My concern is if this is safe. What if user waits for 1 minute or more to click the second button which should stop the loop and pick up the number where it currenly is? Will it cause browser to warn user that the script is slowing down the browser? How can I avoid this?
I have a site and in that I don't want to users pressing tab key and also shift + tab key. So I need a small javascript code for preventing execution of tab key and Shift+Tab Keys.
View 1 Replies View RelatedI'm developing a webpage that is composed by several divs. These divs
are supplied by the server depending on the user that made the request.
Some of these divs require some javascript functions to be called when
they are added to the page. I add the content using innerHTML (function
renderPage(data) ....
I currently have a situation where I have images that load when a user scrolls to the bottom of a page. I also have part of the same function call .remove() on the top 2 images if the number of currently loaded images exceeds 10. The trouble that I am having lies in the .remove() is causing the scrollbar to move down, calling the image-loading part of the function again (essentially a chain reaction of image loads and elements being removed if a user scrolls down while images are being loaded).
I was wondering if I can use setTimeout or a similar function to prevent .remove() from executing until images have been completely loaded?
$("#message").html(calcScroll);
if (calcScroll == 0 && curPageIndex + 1 < totalCount) {
$("#message").html("loading new images");
window.setTimeout(function () {
[Code].....
i have the following two pieces of code:
function slideOut() {
var $slidy = $('#slideout');
$slidy.animate({
right: parseInt($slidy.css('right'),10) == 0 ?
-$slidy.outerWidth() :
[Code]...
As long as i return false and the link is an anchor, i can see the menu slide out. Which is quite clear to me why. When i use a link with a href on another page though, the "jump" is executed before the animation ends most of the time even before it starts.
I would like the click to be delayed weather a certain condition kicks in, or some time passed to end the slide and then jump to the new page. I have been looking throughout the web and found no hint helping me to tackle this. delay() and setTimeout() dont seem to work the way i used them.
I am sure there is a way, its just the blind man's stick in my eye that keeps me from it. I hope someone can help me with this.
Heres the general idea of what I want to be able to do
[Code]...
What I've already build can be found on demo. The Idea:I wanted to build a menu that when you hover the menu button the menubuttons slides up, when it is ready all the menubuttons will slide down. The next may slidedown when the first one is ready, etc.When you leave you mouse outside the picture, all the menuitems must slide up (like to have them slideup like it works when they slidedown) and the menubutton must slide down.The idea works, so that's not the problem, maybe the code could be better, but I thinks that's for later.The problem:When a user hovers very fast between menubutton and outside the picture the menubutton is slidedup, down etc. When you do this even faster the menuitems are stuck and shown, and that is not what I want.
View 4 Replies View RelatedI've noticed after some code investigation that I cannot execute jQuery within 'included' php sites. The structure looks like the following:
[Code]...
I'm not sure if the subject describes what I'm asking very well, but it's the best I can think of. In this example:
$(".nav a").bind("click", function(event, i) {
});
Is there a way to get the index of the a you clicked passed into the handler? Like if I clicked the second A i would = 2.Same question for any jquery method actually. Since they all work off of collections I'd like to be able to get the index on anything.
is there a way to run js functions one at a time? example, this is part of some code i
have:EvalSound('CorrectIs');
WrongAnswer();
PlaysRemain();
[code]....
See my code:
I don understand why this javascript:document.write(b); doesnt work in url...