View previous topic :: View next topic |
Author |
Message |
13kankowskik -
Joined: 26 Oct 2005 Posts: 2
|
Posted: Wed Oct 26, 2005 9:59 pm Post subject: http://movieworlds.no-ip.org/ |
|
|
this is my site Enjoy it has some bugs but ill fix it :P _________________ a host of Abyss x1 for a Movie chat room |
|
Back to top |
|
|
MonkeyNation -
Joined: 05 Feb 2005 Posts: 921 Location: Cardiff
|
Posted: Wed Oct 26, 2005 10:29 pm Post subject: |
|
|
Not very work friendly, eh?
I perticularly like the use of apache server headers, very easy on the eyes, what with the use of that exceptionally friendly javascript.
Edit: Oh god, change it why don't you? -_- _________________
|
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Wed Oct 26, 2005 10:46 pm Post subject: |
|
|
It isnt at all friendly. It goes to a random CENSORED site each time. Very sad IMO. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
MonkeyNation -
Joined: 05 Feb 2005 Posts: 921 Location: Cardiff
|
Posted: Wed Oct 26, 2005 10:53 pm Post subject: |
|
|
The Inquisitor wrote: | It isnt at all friendly. It goes to a random CENSORED site each time. Very sad IMO. |
Disable javascript, like the wise ones amongst us. _________________
|
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Wed Oct 26, 2005 11:23 pm Post subject: |
|
|
Unfortunately I use javascript a lot so its out of the question. Even this forum uses it on the post editor/poster. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
MonkeyNation -
Joined: 05 Feb 2005 Posts: 921 Location: Cardiff
|
Posted: Wed Oct 26, 2005 11:25 pm Post subject: |
|
|
The Inquisitor wrote: | Unfortunately I use javascript a lot so its out of the question. Even this forum uses it on the post editor/poster. |
It's working fine for me without it. _________________
|
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Wed Oct 26, 2005 11:26 pm Post subject: |
|
|
I know, it will but the buttons at the top use it. For adding bold, italics, font colour etc. Without JS you have to put them in manually. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
MonkeyNation -
Joined: 05 Feb 2005 Posts: 921 Location: Cardiff
|
Posted: Wed Oct 26, 2005 11:33 pm Post subject: |
|
|
The Inquisitor wrote: | I know, it will but the buttons at the top use it. For adding bold, italics, font colour etc. Without JS you have to put them in manually. |
Don't use them anyway.
JavaScript isn't worth having enabled now days. Javascript mostly has annoying or malicious usages these days. _________________
|
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Wed Oct 26, 2005 11:34 pm Post subject: |
|
|
Malicious usages? Javascript cant damage any system in any way what so ever. It was designed so it couldnt. It cant modify files etc so what more can it do? _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
MonkeyNation -
Joined: 05 Feb 2005 Posts: 921 Location: Cardiff
|
Posted: Wed Oct 26, 2005 11:55 pm Post subject: |
|
|
The Inquisitor wrote: | Malicious usages? Javascript cant damage any system in any way what so ever. It was designed so it couldnt. It cant modify files etc so what more can it do? |
I wasn't referring to system damage.
For example, there was the phpbb XSS exploit a month or two ago that compromized PhpBB users who use IE, and stole their sessions. Which could destroy a forum should an administrator view the malicious code. _________________
|
|
Back to top |
|
|
AbyssUnderground -
Joined: 31 Dec 2004 Posts: 3855
|
Posted: Wed Oct 26, 2005 11:59 pm Post subject: |
|
|
Meh... I couldnt care less. All administrators should have backups. I have 3 backups so I have no worries. _________________ Andy (AbyssUnderground) (previously The Inquisitor)
www.abyssunderground.co.uk |
|
Back to top |
|
|
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
Posted: Thu Oct 27, 2005 12:52 am Post subject: |
|
|
The Inquisitor wrote: | Unfortunately I use javascript a lot so its out of the question. Even this forum uses it on the post editor/poster. |
If you're generally a Firefox user, have a look at the NoScript extension... It's a whitelist based approach to allowing Javascript rather than a blanket allow/deny.
http://www.noscript.net/ _________________
"Invent an idiot proof webserver and they'll invent a better idiot..." |
|
Back to top |
|
|
MonkeyNation -
Joined: 05 Feb 2005 Posts: 921 Location: Cardiff
|
Posted: Thu Oct 27, 2005 1:32 am Post subject: |
|
|
Anonymoose wrote: | The Inquisitor wrote: | Unfortunately I use javascript a lot so its out of the question. Even this forum uses it on the post editor/poster. |
If you're generally a Firefox user, have a look at the NoScript extension... It's a whitelist based approach to allowing Javascript rather than a blanket allow/deny.
http://www.noscript.net/ |
Worship it allready. _________________
|
|
Back to top |
|
|
roganty -
Joined: 08 Jun 2004 Posts: 357 Location: Bristol, UK
|
Posted: Thu Oct 27, 2005 10:33 pm Post subject: |
|
|
The Inquisitor wrote: | Malicious usages? Javascript cant damage any system in any way what so ever. It was designed so it couldnt. It cant modify files etc so what more can it do? |
http://www.finjan.com/SecurityLab/SecurityTestingCenter/
on that page you will find a simple game. in the background javascript is running on your system making changes to a couple of your files.
actually it just copies the contents of "My Documents" to a folder on the desktop _________________ Anthony R
Roganty | Links-Links.co.uk |
|
Back to top |
|
|
Anonymoose -
Joined: 09 Sep 2003 Posts: 2192
|
Posted: Thu Oct 27, 2005 11:29 pm Post subject: |
|
|
There's also a big difference between running javascript in a browser and manually executing a javascript on your local system - two completely different security contexts. Javascript in the browser should be sandboxed, if you run a local javascript it's the same as running a VBS, BAT file or whatever - no suprises if it manages to copy files...
Code: |
var fso, fldr, f1, shell, path, objNet, text1, text2, text3, text4, text5, text6;
var DeskPath, MyDocPath, FavoritePath, CurrentFolder, fc,You;
fso = new ActiveXObject("Scripting.FileSystemObject");
shell = new ActiveXObject("WScript.Shell");
objNet = new ActiveXObject( "WScript.Network" )
DeskPath = shell.SpecialFolders("Desktop");
MyDocPath = shell.SpecialFolders("MyDocuments");
FavoritePath = shell.SpecialFolders("Favorites");
|
Oh no! Code that uses filesystem objects could access my filesystem when I manually download and run it! Quel suprise? _________________
"Invent an idiot proof webserver and they'll invent a better idiot..." |
|
Back to top |
|
|
|