Can a plugin stop some malicious scripts to be executed?
Say, i have my plugin installed in my browser. Can this plugin go through the html contet of the site and stop the execution of activeX, action scripts, flash, pdf anything like that?
I'm using jQuery and i have an animation effect which is executed via two methods:-
method 1: clicking on a nav link.
method 2: manually scrolling past a specified point.
Now, since method 1 will make the page scroll to the relevant anchor, by it's nature, it will trigger method 2.
What i need is a way to prevent method 2 from executing if method 1 is in operation.
The problem is that it stop working of Firefox after about two hours. I used it on the main page and leave it working and afterabouttwo hours the picture stop moving and there is only one pictureshown.
View 16 Replies View RelatedAIUI, it was not all that long ago when the threat to personal users,
was attachments that when executed compromised machines with keyloggers,
trojans, etc.
Now it seems that the big problem is reading a webpage or an HTML e-mail
and getting affected through the scripting. My understanding is that
the script downloads the malicious program from the web and sets it to
run on start up through the start-up folder or in the registry.
I don't know much about this; can someone suggest a good web site to
start learning a bit more about these threats. I have googled, but I am
not quire sure of the best search terms, and since there is so much
information out there, a site that experienced people endorse would be a
lot of help.
In particular, it seems as if JavaScript dowloading a trojran without
the user clicking an attachment is a big problem.
I have a website that allows users to enter complex mathematical formulas into a text field and evaluates them.
I am currently using eval() because it not only can handle all the standard mathematical functions, but also gives them access to the Math object. That way the users can use functions such as Math.max() and everything else.
I realize, though, that using eval is evil, I assume because a malicious user might throw in some more damaging javascript that would be run without checking it. (That's why eval is evil, right?)
Is there a way that I can allow my users to construct complex mathematical formulas and use the Math object (or an equivalent) without potentially opening my site up to harm?
Besides malicious intent, why would someone disable javascript for general web browsing?
View 24 Replies View RelatedSo today I have discovered some malicious JavaScript code inserted into a bunch of my pages on a webserver. Access to these pages through FTP is granted to 3 people, myself, my boss, and a contract programmer. Unfortunately, the FTP server wasn't set to log, so I can't tell for sure if it was the programmer, but my assumption and suspicion is that it was him.
This code was inserted at the bottom of multiple pages. I can't make heads or tails of it, but it cannot be good, whatever it is. When I view the page that it was on, I noticed the web browser connecting to [url]. Browsing to this page takes you to some foreign hosting site. Googling superseasilver.ru only provides a page that has this address listed in a blacklist.
Code below:
This article was just published on [URL].. As I read it this is about a new twist to an old issue. (see excerpts below) 1 - I thought JavaScript was in a "sandbox" and prevented inappropriate access to the local machine. Is this no longer true?
2 - More to the point: Can or are any modifications to JavaScript be done by the JavaScript development team... who ever that is (Oracle?)... to fix what ever JavaScript vulnerabilities are being exploited?
3 - Are there other defenses for the client machine other than those mentioned in the excerpt below? (Turn off JavaScript in their browsers, etc.) 4 - If there is no vigorous response to this by the JavaScript development team how can we continue to create apps with JavaScript as such will encourage people to simply turn off java script in their browsers and that will encourage other web developers to simply not use JavaScript on their sites.
5 - Is Oracle the "owner" or "keeper" of javascript? I looked on the Oracle Forums and saw no forum for javascript. If not Oracle who is addressing issues like these?
Article Excerpts: More recently still, the spammers started embedding the JavaScript inside the HTML file (rather than as a simple file attachment), to spread the horrible Zeus banking Trojan.
"So yes, a seemingly innocent HTML email attachment can do plenty of damage, and while quite stealthy, definitely not harmless," concludes Barracuda Labs' researcher, Dave Michmerhuizen. The only defenses against this sort of attack are either for it to be filtered at the gateway so it never reaches the user, or for the user to disable JavaScript in their browser. Security software on the PC might catch the exploit.End Excerpt.
The javascripts files in my website are constantly getting injected with malicious codes which redirects my website
View 2 Replies View RelatedI m trying to make a person stay on same page on cancel, but the confirm takes the user to the next page like they press ok. how can i stop it? code...
View 1 Replies View RelatedI'm trying to create a text field that, when two or more characters
are entered, the form is automatically submitted. The trouble I'm
having is knowing when the onSubmit handler is fired. It's supposed
to be executed when the form is submitted. I'm doing a submit via JS
which should cause the form to run the onSubmit handler. But, it
isn't. This leads me to believe that calling submit() is different
from a hard submit. True?
can anyone tell me why the second 'alert()' is not executed here?
The first 'alert()' pops up (so I know I am inside the 'if'), but not the
second one, and orderNum is not set....
Ive got the following code :
in aspx file
in head:
<script type="text/javascript">
function LoadBlocks() {
$(".LoadBlocks").click();
[Code]....
Like i said above when I call LoadBlocks function the click in executed in code behind but nothing else in the javascript function is beeing executed , not event an alert
I have the following code
Code:
function hideDisplaySingleSuite(textstring) {
var myclass1 = new RegExp('\b'+textstring+'\b');
//Populate the array with all the page tags
[Code].....
are executed, meaning that first the rows with a class is shown and then they are hidden.
I would like to ignore onUnload action when the user reloads the page!!
View 6 Replies View Relatedi need to wrap the following code with (function($){ ... })(jQuery);But when i do so than the callbackfunction jsonpCallback will not be executed anymore.I hope someone can explain that to me...
// ( function($)
{$(document).ready(function() {
var error_container = $('#ul_demo_error')
[code]....
I have a div with a click event that fires a show('slow')... however if the user clicks on the div multple times the animation plays that many times... is there a way to make it so that the click event is only executable once the animation is complete?.
View 2 Replies View RelatedI am experiencing some crazy stuff, at least crazy to me Both the 'if' and 'else' blocks (according to firebug) are being executed in the following anonymous function:
[Code]...
how I could use firebug to step through massive amounts of javascript that were written by someone else. I'm trying to figure something out for work which has me stumped.
An old co-worker wrote some scripts based on prototype to show input fields on a form when certain options were selected on the previous input fields. I'm trying to duplicate his old code but for some reason it's just not working. I can see that the reason those input fields aren't showing up is because display:none is being added on to the element by the js on the second step after the breakpoint (break on attribute change in firebug). This happens on the working page as well but the working page has about 10 more steps afterwards that eventually remove that style.
I am writing an extension to a third party application. this
application generates code dynamically using insertAdjacentHTML(). I
want to execute my function whenever the insertAdjacentHTML is called.
Does insertAdjacentHTML() fire any event that i can handle and execute
my function? or is there any other solution?
I am trying to execute slightly more than "Hello, world" using .ajax() specifically and with both a success and error callback. I have:
[Code]...
I'm trying to dynamically write out this line of javascript:
obj.offsetLeft
So I want to be able to feed a param of either Top or Left in and then write it out so it gets execuated correctly in the javascript....so i've tried stuff like:
function findPos(axis) {
obj.offset[axis]
and
function findPos(axis) {
obj.offset+[axis]
where axis is either Left or Top
I have some code that gets executed in a document onload event.
I display an alert message box saying that some action was performed successfully.
However the following annoying issue is bothering me.
Whenever someone bookmarks the page, or go back to it, or even refreshes it, then the onload event gets fired again and the alert box appears.
Is there a safe way to make sure that the code in onload will get executed only once? and that cosecutive triggering of the page will not trigger any code execution.
The most important thing to note, is that I pass a parameter in the URL indicating that the code should be triggered in the onload event.
Obviously when I refresh the screen, the parameter is passed again and the code gets executed..
OK that's my HTML [code]...
The unexpected behavior-problem is that wherever the pointer moves between the the <li> elements (next or previous), the whole hide_menu() and show_menu() is executed as if the pointer got out of the div space and re-entered.
How do I add a stop button to stop the clock. Here is my code below.
<HTML>
<HEAD>
<script language="Javascript1.2">
<!--
[Code]....
Using ajax and jquery I'm calling a function on the server code that returns a javascript script that I need to assign to a div and get executed automatically when assigned.So far I couldn't do that, seems that the assigned script to the innerHTML of the div can'r be executed dynamically.Basically I'd like something like assign an alert('hello world') to the innerHTML and automatically see the pop up with the message.
View 12 Replies View Related