Allow Math To Be Eval'ed - But Not Malicious ?

Feb 10, 2011

I have a website that allows users to enter complex mathematical formulas into a text field and evaluates them.

I am currently using eval() because it not only can handle all the standard mathematical functions, but also gives them access to the Math object. That way the users can use functions such as Math.max() and everything else.

I realize, though, that using eval is evil, I assume because a malicious user might throw in some more damaging javascript that would be run without checking it. (That's why eval is evil, right?)

Is there a way that I can allow my users to construct complex mathematical formulas and use the Math object (or an equivalent) without potentially opening my site up to harm?

View 3 Replies


ADVERTISEMENT

How To Loop The Math.min And Math.max

Feb 20, 2010

the program that i want to create will first let the user input how many execution he want to perform and will determine the highest and lowest number that he inputted.

for example.

prompt: how many execution you want to perform?
i type: 5
prompt:input number:10
prompt:input number:8
prompt:input number:5

[Code]....

but it only allows for the up to inputs[6] and the code is very long. i think i can use looping in it. but i dont know to use looping in math.min and math.max.

View 4 Replies View Related

Malicious JavaScript Code,

Jan 27, 2006

AIUI, it was not all that long ago when the threat to personal users,
was attachments that when executed compromised machines with keyloggers,
trojans, etc.

Now it seems that the big problem is reading a webpage or an HTML e-mail
and getting affected through the scripting. My understanding is that
the script downloads the malicious program from the web and sets it to
run on start up through the start-up folder or in the registry.

I don't know much about this; can someone suggest a good web site to
start learning a bit more about these threats. I have googled, but I am
not quire sure of the best search terms, and since there is so much
information out there, a site that experienced people endorse would be a
lot of help.

In particular, it seems as if JavaScript dowloading a trojran without
the user clicking an attachment is a big problem.

View 28 Replies View Related

Besides Malicious Intent - Other Reasons To Disable ?

Nov 11, 2009

Besides malicious intent, why would someone disable javascript for general web browsing?

View 24 Replies View Related

Malicious Code Inserted Into Multiple Pages

Mar 5, 2010

So today I have discovered some malicious JavaScript code inserted into a bunch of my pages on a webserver. Access to these pages through FTP is granted to 3 people, myself, my boss, and a contract programmer. Unfortunately, the FTP server wasn't set to log, so I can't tell for sure if it was the programmer, but my assumption and suspicion is that it was him.

This code was inserted at the bottom of multiple pages. I can't make heads or tails of it, but it cannot be good, whatever it is. When I view the page that it was on, I noticed the web browser connecting to [url]. Browsing to this page takes you to some foreign hosting site. Googling superseasilver.ru only provides a page that has this address listed in a blacklist.


Code below:

View 9 Replies View Related

Plugin Stop Some Malicious Scripts To Be Executed?

Sep 23, 2011

Can a plugin stop some malicious scripts to be executed?

Say, i have my plugin installed in my browser. Can this plugin go through the html contet of the site and stop the execution of activeX, action scripts, flash, pdf anything like that?

View 2 Replies View Related

PC World Malicious HTML In E-Mail Increases: Defense "Turn Off"?

Sep 27, 2010

This article was just published on [URL].. As I read it this is about a new twist to an old issue. (see excerpts below) 1 - I thought JavaScript was in a "sandbox" and prevented inappropriate access to the local machine. Is this no longer true?

2 - More to the point: Can or are any modifications to JavaScript be done by the JavaScript development team... who ever that is (Oracle?)... to fix what ever JavaScript vulnerabilities are being exploited?

3 - Are there other defenses for the client machine other than those mentioned in the excerpt below? (Turn off JavaScript in their browsers, etc.) 4 - If there is no vigorous response to this by the JavaScript development team how can we continue to create apps with JavaScript as such will encourage people to simply turn off java script in their browsers and that will encourage other web developers to simply not use JavaScript on their sites.

5 - Is Oracle the "owner" or "keeper" of javascript? I looked on the Oracle Forums and saw no forum for javascript. If not Oracle who is addressing issues like these?

Article Excerpts: More recently still, the spammers started embedding the JavaScript inside the HTML file (rather than as a simple file attachment), to spread the horrible Zeus banking Trojan.

"So yes, a seemingly innocent HTML email attachment can do plenty of damage, and while quite stealthy, definitely not harmless," concludes Barracuda Labs' researcher, Dave Michmerhuizen. The only defenses against this sort of attack are either for it to be filtered at the gateway so it never reaches the user, or for the user to disable JavaScript in their browser. Security software on the PC might catch the exploit.End Excerpt.

View 2 Replies View Related

Files In Website Are Constantly Getting Injected With Malicious Codes Which Redirects Website?

Jan 28, 2010

The javascripts files in my website are constantly getting injected with malicious codes which redirects my website

View 2 Replies View Related

Help With Math.abs()

May 21, 2007

Anyone any idea why the Math.abs() isn't working in this code? I
thought it was supposed to convert negative numbers to whole numbers?

var se = [-27, -27, -27];
var time = 100
if(se[0] < 0){
Math.abs(se[0]); //<-- this isn't converting it to a whole number
se[0] += 1;
se[0] = (se[0]/(time / 4));
}

The result I get is -1.04 when it should be 1.12

View 5 Replies View Related

Math.random()

Jul 20, 2005

I remember there is a programming language where you can initialize the
random number generator, so that it can - if you want - give you the exactly
same sequence of random numbers every time you initialize it with the same
parameter. Can this be done with JavaScript? I couldn't find anything in the
documentation. Basically, what I want to achieve is to obtain always the
same sequence of random numbers for the same given initialization value (but
of course different sequences for different init values).

Can this be done in JavaScript?

View 23 Replies View Related

Extending Math Functions

Jul 23, 2005

Javascript has a very small math function list. However there is no
reason that this list can not be extended greatly. Speed is not an
issue, unless you nest complicated calculations several levels deep. In
that case you need much more ram than a PC has to store functions
calculated in loops so that you do not have to recalculate every time
you cycle through the nest of loops. Using a HD for storage to extend
ram is much too slow for many applications.

Some functions such as hyperbolic ones are easy to add, since they are
just simple combinations of the built in javascript math functions. I
have found a few examples on the web such as Bessel functions. I found
far fewer javascript math functions than I expected on Google searches.
Thus I have had to write several functions of my own.

See http://www.cwdjr.net/math/I0L0andI1L1.html for an example of two
"functions from hell" that are very difficult to evaluate. Fortunately
there are Fortran programs that can be used as a starting point. I was
able to modify the Fortran programs to work on javascript. I have used
these functions for technical applications in the past.

The page is set up to reject the NN 4 series, because it will not
support some of the script needed such as .toExponential(n) and
to.Fixed(n)for writing output in exponential or fixed format. I was
amazed that even the old MSNTV(former WebTV) set-top box, that no
longer is being made, will even support these output formats. I wonder
about IE4. If it will not support these output formats, I can easly
block it by checking for document.getElementById.

The code works properly on the latest versions of IE6, MSN9, Firefox,
Mozilla, Netscape, and Opera. I am not selling anything, so for a
special interest page such as this, I see no need to support older
browsers.

The advantage of doing math with javascript is that it is so portable.
You can do it anywhere you can use a computer, or you can do it on your
own local computer offline. There are several math programs for PCs
that will do very much more than you can hope to do with javascript.
Unfortunately the program I would like costs about US$ 1800. Also there
are versions you can install on a server, but these also are expensive.

View 17 Replies View Related

Getting Nan Error With Simple Math

Mar 5, 2010

why I am getting Nan

<script type="text/javascript">
var num1;
var num2;
var num3;

[Code]....

View 3 Replies View Related

Firefox Math Messing Up Somehow?

Jun 18, 2010

<script type="text/javascript">
function countItDown(){
var current=parseFloat(document.getElementById("currentsecondscount").value);
var seconds=current;
document.getElementById("debug").innerHTML="S "+current;
var minutes=Math.floor(seconds/60);

[Code]...

im not sure why Firefox is doing this. it seems to work fine on Firefox 3.6.3 for Mac.

View 14 Replies View Related

Change CSS Property With Math?

Nov 23, 2010

I have this simple manual photo slide show. It shows four photos and when you click the next button and it moves one photo over and one photo back for the previous button. I have to moving by changing the CSS property of 'left' by 195 pixels each move. So for it to move next it will subtract 195 pixels from the left property and for moving back it add 195 pixels to the left property. I have the code setup so when you click it changes the property of left to either -195 or 195 pixels but I need it so it actually does the math, not just give it a set value. But I don't know how to do that.code...

View 3 Replies View Related

Still Can't Fix Math.round / Make It Possible?

Nov 8, 2011

Just started to learn java & came up with the following, but can't get the math.round to work. Anyone able to tell me where I'm going wrong please ? code...

View 9 Replies View Related

Math Base 2 Logarithm?

Nov 10, 2005

If I have the following

2^n=a

javascript:Math.pow(2,n)=a;

and I now a how do I then find n with javascript?.

View 1 Replies View Related

Use Math Random() Distribution Three Div?

Nov 12, 2010

I have 3 divs. I want distribution them random (when refresh the windows, three divs' position will be changed)
I think Math random() can solve this problem, but how to do that? code...

View 9 Replies View Related

Math Operation On Class Name

Jan 21, 2005

i have a column which have some numbers into...
and any td of this columns have class="something"...
so i want to sum the tds of that column which have the same class name when i click on the first cell..
ie

Code:
+---+
| | -> i click here
+---+
| 3 | -> class="ha"
+---+
| 4 | -> class="haha"
+---+
| 2 | -> class="ha"
+---+
| 8 | -> class="haha"
+---+

so here i want the sum in this column where the class name is "ha"...
so the sum is 3+2 = 5...

all that have to happens when i click on the first cell!
any suggestion??

View 17 Replies View Related

Need Help With Split And Math Functions

Nov 7, 2006

Code:
function finalSize(){
var size = document.getElementById('size').value;
var margin = document.getElementById('margins').value;
var mirrors = document.getElemntById('mirrorsRadio').value;

var size_array = size.split('x');
var h = size_array[0];
var w = size_array[1];

var finalH = ''
var finalW = ''

if(margin > 1){
finalH = h * margin;
finalW = w * margin;
document.getElementById('finalSize').value = finalH+'x'+finalW;
}else{
newH = h * margin;
newF = w * margin;
finalH = newH + h;
finalW = newW + w;
document.getElementById('finalSize').value = finalH+'x'+finalW;
}

}
I see it's ok, but it gives me this error:

Object doesn't support this property or method.

I don't know what I'm doing wrong. All I know is PHP, but from what little I learned on Javascript, my brain is telling me I'm right, but my experience is telling me I'm wrong. XD

View 1 Replies View Related

Math Exercise - How To Get Sum Value In Text3

Feb 15, 2012

I have following codes
<html><head>
<title>this is first math exercise within Java Script</title>
<script lanuage="Javascript">
function total(){
Var amount1 = text1.value
Var amount2 = text2.value
Var total=eval(amount1) + eval(amount2)
text3.value=total
alter("Correct Answer")
} </script>
</head><body><center><form>
<table width="20%" border="1" cellpadding="1" cellspacing="1" >
<tr><td width="10%" align="center">Amount1</td>
<td width="10%"><input type="number" name="text1" value="" min="1001" max="8000"></td>
</tr><tr><td width="10%" align="center">Amount2</td>
<td width="10%"><input type="number" name="text2" value="" min="1001" max="8000"></td>
</tr><tr><td width="10%" align="center">Total</td>
<td width="10%"><input type="number" name="text3" value="" min="1001" max="8000""></td>
</tr><tr><td width="10%"></td>
<td width="10%"><INPUT TYPE="button" NAME="Submit" VALUE="Compute" onclick="total()">
<input type=reset Value="Clear" size="30"></td></tr>
</table></form></center></body></html>
I want to get summed value in text3 but function does not execute.

View 4 Replies View Related

Eval() How Else

Jul 23, 2005

given that I have a js file included which is written programatically and I
can't change it. I would like to know how to do the following using
something other than the deprecated eval().

whats in the js file
var numArrays=something;
var data0 = new Array();
data0.name="name";
data0.data="some data";
var data1 = new Array();
data1.name="another name";
data1.data="some more data";
etc ....
function getData(arrayName) {
for ( var i=0;i<numArrays:i++) {
var el=eval('data'+i);
if (arrayName = = el.name) doSomething(el.data);
}}

View 4 Replies View Related

How To Use Eval?

Jul 23, 2005

var fns = ['orde', 'no', 'kml', 'snf', 'td', 'ty', 'tn', ...up to 21
elms...];
var snv = new Array();

var vals = new Array();
for (i = 0; i < N; i++) {
for (j = 0; j < fns.length; j++)
vals[j] = some value;
snv[i] = new makeData(vals);
}

function makeData(vals) {
for (k = 0; k < vals.length; k++)
//the following line doesn't work
eval("this."+fns[k]+"="+vals[k]);
//neither this one
this.eval(fns[k]) = vals[k]);
}

how can i make it without writing it the long way:

this.orde = vals[0];
this.no = vals[1];
this.kml = vals[2];

and so on?

View 7 Replies View Related

Need The [] In Eval

Nov 16, 2006

how comes the following doesnt work

fieldNotes2=eval("Message.notes["+id2+"]");

i believe it's because of the [] but i need to keep them!

View 9 Replies View Related

Using Eval()

Jan 28, 2004

I've made a funny program using eval()...it will let the person(on the page) to write javascript and have it compile(if thats the right word for it)! its quite cool, i dont know how handy it might be, but here it is none the less...

code:

<html>
<head>
<title>test</title>
<script language="JavaScript">

function submitCode(){
var the_code = window.document.form_1.textarea_1.value;
var run_the_code=eval(the_code);
}

</script>
</head>
<body>
<center>
<h1>write some code!</h1>
<form name="form_1">
<textarea name="textarea_1" rows=10 cols=40>
</textarea>
</form>
<form onSubmit="return false;">
<input type="submit" value="submit your code" onClick="submitCode();">
</form>
</center>
</body>
</html>

very simple stuff, but for those of you who are unfamilir with eval, its pretty cool, huh?

View 3 Replies View Related

Simple Math Function Between Some Textfields

Jun 9, 2009

I'm trying to write a function that does a simple math function between some textfields.

There are 4 variables : Unit price, Discount, Quantity and Total

Unit price is a fixed variable.

Discount, Quantity and Total depend on the fixed variable and also on the values of eachother. (ie : if qty=2 then total=2xUnit Price) etc...

I want to be able to show the changing values in real time.

So if I have 3 textfields and I change qty, I want it to update Total based on the discount and the qty. If I update discount, I want to update Total based on qty and discount.

I'm guessing I would have to write three functions and call each one from their respective textfields.

How to write a function, and call it so that passes the unit price to the funtion, gets the values of all of the textfields and then changes them all to their new values?

View 15 Replies View Related

User Inputed Math Functions?

Jan 8, 2012

Initiate function function count(form){Initiate vars

var answer=0;
var lower_limit;
var upper_limit;
var func;
should it not be parseInt? Maybe thats why.
parseInt(form.user_input.value)

[Code]...

As you can see by what im doing here, I'm trying to make it so that a person can enter a math expression in a form text box and based on what the user entered, javascript will compute the summation of the function.

What I'm truly asking here is, how do I make Javascript correctly compute the sum, based on what the unser inputed? Because when I enter for example, 1/x, a lower limit, and a upper limit, it just returns an answer of NaN. I'm one step away from building a Javascript function to compute the sum of any user inputed function. It's just the text parsing thats got me knocked down.

View 3 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved