Any decent text editor will have no trouble with it... So at least mention
which editor you use, and probably ask in a group/forum related to that
editor, as people are more likely to know the ins and outs of that
particular tool.
--
Rik Wasmus
> On Fri, 25 Jan 2008 01:18:35 +0100, FreeCopywritingTips
> <danie...@sympatico.ca> wrote:
>> Does anyone know how to get around the </noscript> issue, were my
>> HTML editor refuses to save this tag?
>
> Any decent text editor will have no trouble with it...
Right.
> So at least
> mention which editor you use, and probably ask in a group/forum
> related to that editor, as people are more likely to know the ins and
> outs of that particular tool.
Indeed.
But the issue is very strange, if </noscript> is problematic and
<noscript> apparently isn't. I would bet on a user confusion.
Besides, the way to get around is to refrain from using the noscript
element. It's seldom useful. Mostly, a document that uses client-side
scripting should first be written and tested without scripting, and then
the scripting features would be added as extras with little or no need
for a separate noscript alternative.
--
Jukka K. Korpela ("Yucca")
http://www.cs.tut.fi/~jkorpela/
Wouldn't you add a:
<NOSCRIPT>This page works better with JavaScript enabled</NOSCRIPT>
though, when this was the case?
As you well know, my scripting is pathetic, so I use it only for little
flourishes that marginally improve the page's usability, so such a
statement is almost always true on my pages.
Incidentally, I work in a closed environment where scripting is on by
definition, and only off by the deviants.
I recently saw someone suggesting to add some script that determined if
JavaScript was disabled. I'm still trying to figure this one out.
--
Steve Swift
http://www.swiftys.org.uk/swifty.html
http://www.ringers.org.uk
> Wouldn't you add a:
> <NOSCRIPT>This page works better with JavaScript enabled</NOSCRIPT>
> though, when this was the case?
No. If someone has decided to disable JS, or is using a client which doesn't
support it, then constant reminders about it are going to be irritating.
--
David Dorward
http://dorward.me.uk/
http://blog.dorward.me.uk/
> Wouldn't you add a:
> <NOSCRIPT>This page works better with JavaScript enabled</NOSCRIPT>
> though, when this was the case?
No, I wouldn't write anything that foolish. At the minimum, I would tell
what the user gets, in terms of added functionality.
> As you well know, my scripting is pathetic, so I use it only for
> little flourishes that marginally improve the page's usability, so
> such a statement is almost always true on my pages.
And virtually useless then. In human communication, useless easily turns
into harmful, since it distracts from the useful.
> Incidentally, I work in a closed environment where scripting is on by
> definition, and only off by the deviants.
Factually, this group is about WWW authoring, which is by definition not
a closed environment.
> I recently saw someone suggesting to add some script that determined
> if JavaScript was disabled. I'm still trying to figure this one out.
The world would be a much duller place without clueless people, wouldn't
it?
> Wouldn't you add a:
> <NOSCRIPT>This page works better with JavaScript enabled</NOSCRIPT>
ALT="This page works better with images"
--
In memoriam Alan J. Flavell
http://groups.google.com/groups/search?q=author:Alan.J.Flavell
<FYI>
heavily outdated b.s. from early 90's
has no relation whatsoever with the modern Web
</FYI>
The previous posts are ridiculous and made by people that have little
or knowledge of valid coding of web pages, so the OP needs to
disregard their posts and follow accepted procedures.
L. 508 Standards, Section 1194.22, (l) When pages utilize scripting
languages to display content, or to create interface elements, the
information provided by the script shall be identified with functional
text that can be read by assistive technology.
Rule: 6.3.1 - Anchor elements are required not to use javascript for
the link target when the NOSCRIPT element is not present in the
document. These elements will not cause a failure of the checkpoint if
the NOSCRIPT element is found, however, they will be identified.
No Anchor elements that use javascript for the link target were found
in document body.
Rule: 6.3.2 - AREA elements are required not to use javascript for the
link target when the NOSCRIPT element is not present in the document.
These elements will not cause a failure of the checkpoint if the
NOSCRIPT element is found, however, they will be identified.
No AREA Elements found in document body.
Rule: 6.3.3 - Locate elements that use HTML event handlers.
Note: This rule has not been selected to be verified for this
checkpoint.
Rule: 6.3.4 - When SCRIPT Elements are used, the NOSCRIPT element is
required in the document.
No SCRIPT elements found in document.
Daniel
> L. 508 Standards, Section 1194.22,
Did you know that there are countries other than the United States?
--
Top-posting.
What's the most irritating thing on Usenet?
Duh, and your point is.
Daniel
> On Fri, 25 Jan 2008, aoks...@gmail.com wrote:
>
>> L. 508 Standards, Section 1194.22,
>
> Did you know that there are countries other than the United States?
The more serious part of this is that Section 508, as well as W3C WAI
recommendations, contain several items that are not just plain clueless
but also hostile to accessibility.
People who quote them as such typically have no idea of disabled
people's real needs, or ways to help them. It is not uncommon to see
such recommendations stronly presented and promoted in documents that
themselves strongly violate them (including those parts that would
really increase accessibility).
> <FYI>
> heavily outdated b.s. from early 90's
Oh VK, and you were doing so _well_! Yesterday you posted something
that was sensible and useful. Maybe it was just HipCrime?
> More info on 508 standards
>
> http://www.access-board.gov/sec508/guide/1194.22.htm
A site which uses client-side JS to display a "disclaimer"!
http://www.access-board.gov/js/disclaimer.js
Noow _that's_ real genius!
'Noow,' _that's_ real genius. :-)))
Didn't you notice it's a government site? What did you expect? ;-) ;-)
--
Ed Jay (remove 'M' to respond by email)
Anything can be taken way, way, way to far; however, the OP is only
wanting to announce why the page functionality is limited which is a
good practice.
Some people might not be aware that JavaScript has been disabled on
the computer they are using and are left wondering what is up with the
web site. Another purpose to noscript tags especially for navigation,
is to provide an alternative means of navigation or to replace
whatever the script function is with a noscript alternative.
One significant reason for disabling JavaScript when browsing the
Internet is that it is a definite security hazard to the user if they
have JavaScript enabled. There is a lot of malicious code on web
sites that uses JavaScript to infect the user's computer with
malicious code.
Also if you take a current college level course in web design it is
still recommended that noscript tags be used. Even if it wasn't
recommended by most, if not all, reputable web design experts, it is
still the right thing to do.
Daniel
>One significant reason for disabling JavaScript when browsing the
>Internet is that it is a definite security hazard to the user if they
>have JavaScript enabled. There is a lot of malicious code on web
>sites that uses JavaScript to infect the user's computer with
>malicious code.
>
Please elaborate by providing an example of how js can be used to compromise
a user's computer with malicious code.
You have to be kidding. If you need examples, visit
http://groups.google.com/group/stopbadware or http://www.stopbadware.org/home.
Daniel
Sorry, I really thought you were kidding. But your post to the other
group http://groups.google.com/group/comp.lang.javascript/topics shows
you weren't. Take some time and check out the stopbadware group it
has a lot of great info.
Daniel
No, I'm not kidding, and the sites you cite do not confirm your assertion.
If that is what you think, go ahead because evidently you didn't look
at any of the strings. I could care less either way.
Daniel
Here is one quick example for users that want to learn
http://groups.google.com/group/stopbadware/browse_thread/thread/dc2956dd65586b83
Daniel
You have good eyes, but my post to the js group is intended to start a
discussion, not to answer the base question. As I said in my query there, I
believe your statement to be false, i.e., js cannot be used to infect a
user's machine without the user's express permission.
I checked the stopbadware group. They're not talking about js being used to
infect a user's machine. They're talking about js being injected into
existing sites (hacking). They talk about badware on a user's machine, but
that badware has to be downloaded and executed, e.g., an attachment, exe
file, or packaged clandestinely with another application.
AFAIK, your statement is an artifact from years past when it was incorrectly
propagated that js was a security risk. It isn't (afaik).
btw... both of the links that I posted ( http://groups.google.com/group/stopbadware
or http://www.stopbadware.org/home ) are sponsored in part by Google
and Harvard Law School's Berkman Center for Internet & Society in
collaboration with Oxford University's Oxford Internet Institute.
Daniel
It seems funny to me that Google is flagging the web sites as
containing malicious code and that they may cause harm to your
computer.
Daniel
The opening sentence: "There seems to be two main attack vectors being
targeted at web sites right now." That's web sites, not the user's computer!
I don't think that you can show me an example of a site's js compromising a
user's computer.
While you say you could care less...you seemed to care enough to post
incorrect information, 'supported' by inappropriate citations. :-)
You really are pushing it to far the post was not for you it was for
intelligent people. That was just one quick example and I really
could care less what your opinions or thoughts are.
Daniel
I saw that, and I'm impressed with the credentials. Nevertheless, they're
talking about hacking into web sites and adding errant js. Again, they're
talking about errand js compromising a web site, not the user's computer.
You are confusing web sites with user's computers.
Read the section about how to stop malware from reaching your computer. It
never once mentions js, let alone disabling js as a preventive measure.
You know, I took great care to not attack you about your obvious lack of
reading comprehension skills. I'm sorry you feel an ad hominem strike
against me is going to win your absurd argument. Good bye.
For the people who accept new info here is one link to a direct
infection caused by JavaScript http://groups.google.com/group/stopbadware/browse_thread/thread/5d4187b832224f51
there are many more.
Daniel
And another from a different source
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FIESLICE%2EAQ&VSect=P
Daniel
New info? LMAO! The thread is about an infected WEB SITE, not a User's
computer!!! :-))
This 'debate' is exactly why things that should not need to be debated
anymore continue to be debated. Because no matter how many facts you place
in front of someone, no matter how many beliefs are proven to be
nonsensical, they remain intractable and hold on to their false memes...and
add to them. When they are trapped by the facts, they refuse to admit they
were mistaken, and instead resort to ad hominem attacks.
You really are an idiot if you think that it is not affecting the
user's computer. There is one person mistaken here and it is you.
Daniel
>You really are an idiot
Thank you for illustrating my point.
> if you think that it is not affecting the
>user's computer. There is one person mistaken here and it is you.
>
Yawn. My last post in response to your inability to comprehend what you are
reading.
> aoks...@gmail.com scribed:
>
>> Ed Jay <ed...@aes-intl.com> wrote:
>>> aoksi...@gmail.com scribed:
>>
>> For the people who accept new info here is one link to a direct
>> infection caused by JavaScript
>> http://groups.google.com/group/stopbadware/browse_thread/thread/5d4187b832224f51
>> there are many more.
>>
> New info? LMAO! The thread is about an infected WEB SITE, not a User's
> computer!!! :-))
I just read the stopbadware thread listed above, and it sure looks to me
as if it is about the hacking of web sites - *which in turn* - infect
the computers of visitors with inferior browsers and JavaScript enabled.
--
-bts
-No, I haven't been following this entire </noscript> thread
Thank you.
Daniel
That's not quite how I read it. I'd have said that errant js on hacked web
sites can result in naughty files being downloaded, instead of the desired
file, and when the naughty file is executed by the user, it may infect the
user's computer. It is not the js that compromises the user's machine.
Please read this
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FIESLICE%2EAQ&VSect=T
and this
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FIESLICE%2EAQ&VSect=Sn
It more clearly states the issue.
Daniel
Thanks, but I'm not sure I understand. The citation says, and I paraphrase
for brevity:
>>>
>This malicious JavaScript is hosted on a Web site and runs when a user accesses the said Web site.
Yup
>This malicious JavaScript accesses the following URL to download files:
Yup
>It takes advantage of the following software vulnerabilities:
><snip> All ActiveX exploits
ActiveX exploits... I understand the security issues with ActiveX
>Upon successful exploit, the system is redirected to the following Web site to download a malicious file
OK
>It saves the downloaded files..
OK
>It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.
>>>
To my knowledge, the only way that js can execute a local file is either
with user permission, or by exploiting security holes in either the browser
(IE is infamous) or the ActiveX controls. Google 'javascript "execute local
files"' for an explanation.
I conclude that js isn't the problem, but poor browser design and those
lovely ActiveX controls are (forgetting those who execute files they
shouldn't). Hence, your original statement
>One significant reason for disabling JavaScript when browsing the
>Internet is that it is a definite security hazard to the user if they
>have JavaScript enabled. There is a lot of malicious code on web
>sites that uses JavaScript to infect the user's computer with
>malicious code.
is true only if the user's system is already compromised.
Ed Jay,
The past few posts and any future posts are not intended for you.
They are intended for everyone else that might find this new type of
malicious code / exploit of interest.
Best Wishes,
Daniel
It is the js that causes the naughty file to be downloaded. Why is that
hard for you to understand? (If it's an ActiveX control/file, and you
are using Internet Exploder, you've been had.)
--
-bts
-Friends don't let friends drive Vista
I understand fully that it's the js that causes the file to be downloaded. I
also understand that js can execute a local file only on an already
compromised system. Call me pedantic if you must, but javascript cannot do
anything bad to a user's computer that has not been otherwise compromised.
If the system is already compromised, excepting for the moment, disabling
javascript does not fix the problem anymore than taking an aspirin is going
to cure a disease that causes a headache.
I'm not using IE or ActiveX controls with their known security issues. My
system is adequately protected against viruses, trojans worms, etc. Should I
disable js on my browser because js is a security issue with aberrant
machines? I don't think so.
>The past few posts and any future posts are not intended for you.
>They are intended for everyone else that might find this new type of
>malicious code / exploit of interest.
>
>Best Wishes,
>
Thanks, Daniel, but I'd assume that with little exception, the participants
in this NG have taken appropriate steps to maintain the integrity of their
computers, and don't worry needlessly over some errant site infecting them.
But, please continue with your quest to disseminate misinformation. With the
writers still on strike, it's refreshing to read your new jokes.
>BM
>
lol. You've already shown us your lack of intellectual skills, although I
must admit that your responses clearly illustrate your ability to ignore the
humiliation of self-proclaimed ineptitude. But, why compound your
self-denigration by demonstrating your childish nature? Rest assured that
your contributions are given the respect they so richly deserve.
Kindly asking to keep you mouth shut until there is something wise to
say.
> L. 508 Standards, Section 1194.22
Before quoting any law it is wide to check what kind of law is that
and to what domain does it apply. I already explained in this NG the
508 hoax several times, but maybe it is time to do once again:
"Section 508 requires that Federal agencies' electronic and
information technology is accessible to people with disabilities. IT
Accessibility & Workforce Division, in the U.S. General Services
Administration's Office of Governmentwide Policy, has been charged
with the task of educating Federal employees and building the
infrastructure necessary to support Section 508 implementation. Using
this web site, Federal employees and the public can access resources
for understanding and implementing the requirements of Section 508."
(http://www.section508.gov)
Can you see any difference between a federal US facility and a dotcom
site? I guess not.
The real genius would be to figure how the hell somebody as stupid as
you makes it in the world.
> aoks...@gmail.com scribed:
>
>>One significant reason for disabling JavaScript when browsing the
>>Internet is that it is a definite security hazard to the user if they
>>have JavaScript enabled. There is a lot of malicious code on web
>>sites that uses JavaScript to infect the user's computer with
>>malicious code.
>>
> Please elaborate by providing an example of how js can be used to compromise
> a user's computer with malicious code.
Search for "Javascript" on <http://secunia.com/search/>
and similar sites. Some examples (note the proposed
solution in the first one):
<http://secunia.com/advisories/27427/>:
"Description:
Sun has acknowledged some vulnerabilities in Mozilla 1.7 for
Sun Solaris, which potentially can be exploited by malicious
people to compromise a user's system.
...
Solution:
The vendor recommends disabling the JavaScript support. Please
see the vendor's advisory for details."
<http://secunia.com/advisories/26477/>:
"Description:
A vulnerability has been reported in Opera, which potentially
can be exploited by malicious people to compromise a user's
system.
The vulnerability is caused due to an unspecified error when
processing JavaScript code and can result in a virtual function
call using an invalid pointer. This can be exploited to execute
arbitrary code by e.g. tricking a user into visiting a malicious
website."
<http://secunia.com/advisories/26287/>:
"Description:
Some vulnerabilities have been reported in Apple iPhone, which
can be exploited by malicious people to conduct cross-site
scripting and spoofing attacks, and potentially to compromise
a vulnerable system.
...
2) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library used by the Javascript engine in Safari can be
exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.
Successful exploitation may allow execution of arbitrary code."
/Nisse
Compromised integrity due to vulnerabilities, i.e., security holes, in
browsers are not the fault of javascript.
Compare this to lying on a road in the middle of the night wearing
dark clothing. You might get hit by a car or two, but that means that
cars are dangerous, not the road. Nevertheless, sensible people rarely
lie down on roads.
If you have to disable your browser's Javascript interpreter because
it has security bugs (and the record suggests that the interpreters in
all major browsers are likely to contain significant undiscovered
bugs) that a malicious site might use to take over your computer, then
the fact that the Javascript itself is perfectly safe is irrelevant.
--
Chris
>Ed Jay <ed...@aes-intl.com> writes:
>> Compromised integrity due to vulnerabilities, i.e., security holes, in
>> browsers are not the fault of javascript.
>
>Compare this to lying on a road in the middle of the night wearing
>dark clothing. You might get hit by a car or two, but that means that
>cars are dangerous, not the road. Nevertheless, sensible people rarely
>lie down on roads.
Terrible analogy. :-)
>
>If you have to disable your browser's Javascript interpreter because
>it has security bugs (and the record suggests that the interpreters in
>all major browsers are likely to contain significant undiscovered
>bugs) that a malicious site might use to take over your computer, then
>the fact that the Javascript itself is perfectly safe is irrelevant.
It's relevant to the OP.