Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

</noscript> Issue

17 views
Skip to first unread message

FreeCopywritingTips

unread,
Jan 24, 2008, 7:18:35 PM1/24/08
to
Does anyone know how to get around the </noscript> issue, were my HTML
editor refuses to save this tag?

Rik Wasmus

unread,
Jan 24, 2008, 7:31:12 PM1/24/08
to

Any decent text editor will have no trouble with it... So at least mention
which editor you use, and probably ask in a group/forum related to that
editor, as people are more likely to know the ins and outs of that
particular tool.
--
Rik Wasmus

Jukka K. Korpela

unread,
Jan 24, 2008, 8:16:13 PM1/24/08
to
Scripsit Rik Wasmus:

> On Fri, 25 Jan 2008 01:18:35 +0100, FreeCopywritingTips
> <danie...@sympatico.ca> wrote:
>> Does anyone know how to get around the </noscript> issue, were my
>> HTML editor refuses to save this tag?
>
> Any decent text editor will have no trouble with it...

Right.

> So at least
> mention which editor you use, and probably ask in a group/forum
> related to that editor, as people are more likely to know the ins and
> outs of that particular tool.

Indeed.

But the issue is very strange, if </noscript> is problematic and
<noscript> apparently isn't. I would bet on a user confusion.

Besides, the way to get around is to refrain from using the noscript
element. It's seldom useful. Mostly, a document that uses client-side
scripting should first be written and tested without scripting, and then
the scripting features would be added as extras with little or no need
for a separate noscript alternative.

--
Jukka K. Korpela ("Yucca")
http://www.cs.tut.fi/~jkorpela/

Steve Swift

unread,
Jan 25, 2008, 5:02:57 AM1/25/08
to
Jukka K. Korpela wrote:
> Besides, the way to get around is to refrain from using the noscript
> element. It's seldom useful. Mostly, a document that uses client-side
> scripting should first be written and tested without scripting, and then
> the scripting features would be added as extras with little or no need
> for a separate noscript alternative.

Wouldn't you add a:
<NOSCRIPT>This page works better with JavaScript enabled</NOSCRIPT>
though, when this was the case?

As you well know, my scripting is pathetic, so I use it only for little
flourishes that marginally improve the page's usability, so such a
statement is almost always true on my pages.
Incidentally, I work in a closed environment where scripting is on by
definition, and only off by the deviants.

I recently saw someone suggesting to add some script that determined if
JavaScript was disabled. I'm still trying to figure this one out.

--
Steve Swift
http://www.swiftys.org.uk/swifty.html
http://www.ringers.org.uk

David Dorward

unread,
Jan 25, 2008, 5:58:08 AM1/25/08
to
Steve Swift wrote:

> Wouldn't you add a:
> <NOSCRIPT>This page works better with JavaScript enabled</NOSCRIPT>
> though, when this was the case?

No. If someone has decided to disable JS, or is using a client which doesn't
support it, then constant reminders about it are going to be irritating.

--
David Dorward
http://dorward.me.uk/
http://blog.dorward.me.uk/

Jukka K. Korpela

unread,
Jan 25, 2008, 5:59:14 AM1/25/08
to
Scripsit Steve Swift:

> Wouldn't you add a:
> <NOSCRIPT>This page works better with JavaScript enabled</NOSCRIPT>
> though, when this was the case?

No, I wouldn't write anything that foolish. At the minimum, I would tell
what the user gets, in terms of added functionality.

> As you well know, my scripting is pathetic, so I use it only for
> little flourishes that marginally improve the page's usability, so
> such a statement is almost always true on my pages.

And virtually useless then. In human communication, useless easily turns
into harmful, since it distracts from the useful.

> Incidentally, I work in a closed environment where scripting is on by
> definition, and only off by the deviants.

Factually, this group is about WWW authoring, which is by definition not
a closed environment.

> I recently saw someone suggesting to add some script that determined
> if JavaScript was disabled. I'm still trying to figure this one out.

The world would be a much duller place without clueless people, wouldn't
it?

Andreas Prilop

unread,
Jan 25, 2008, 8:58:50 AM1/25/08
to
On Fri, 25 Jan 2008, Steve Swift wrote:

> Wouldn't you add a:
> <NOSCRIPT>This page works better with JavaScript enabled</NOSCRIPT>

ALT="This page works better with images"

--
In memoriam Alan J. Flavell
http://groups.google.com/groups/search?q=author:Alan.J.Flavell

VK

unread,
Jan 25, 2008, 10:33:12 AM1/25/08
to
On Jan 25, 4:16 am, "Jukka K. Korpela" <jkorp...@cs.tut.fi> wrote:
> Besides, the way to get around is to refrain from using the noscript
> element. It's seldom useful. Mostly, a document that uses client-side
> scripting should first be written and tested without scripting, and then
> the scripting features would be added as extras with little or no need
> for a separate noscript alternative.

<FYI>
heavily outdated b.s. from early 90's

has no relation whatsoever with the modern Web
</FYI>

aoks...@gmail.com

unread,
Jan 25, 2008, 10:41:41 AM1/25/08
to

The previous posts are ridiculous and made by people that have little
or knowledge of valid coding of web pages, so the OP needs to
disregard their posts and follow accepted procedures.

L. 508 Standards, Section 1194.22, (l) When pages utilize scripting
languages to display content, or to create interface elements, the
information provided by the script shall be identified with functional
text that can be read by assistive technology.
Rule: 6.3.1 - Anchor elements are required not to use javascript for
the link target when the NOSCRIPT element is not present in the
document. These elements will not cause a failure of the checkpoint if
the NOSCRIPT element is found, however, they will be identified.
No Anchor elements that use javascript for the link target were found
in document body.
Rule: 6.3.2 - AREA elements are required not to use javascript for the
link target when the NOSCRIPT element is not present in the document.
These elements will not cause a failure of the checkpoint if the
NOSCRIPT element is found, however, they will be identified.
No AREA Elements found in document body.
Rule: 6.3.3 - Locate elements that use HTML event handlers.
Note: This rule has not been selected to be verified for this
checkpoint.
Rule: 6.3.4 - When SCRIPT Elements are used, the NOSCRIPT element is
required in the document.
No SCRIPT elements found in document.

Daniel

http://a-ok-site.com

Andreas Prilop

unread,
Jan 25, 2008, 10:45:46 AM1/25/08
to
On Fri, 25 Jan 2008, aoks...@gmail.com wrote:

> L. 508 Standards, Section 1194.22,

Did you know that there are countries other than the United States?

--
Top-posting.
What's the most irritating thing on Usenet?

aoks...@gmail.com

unread,
Jan 25, 2008, 10:47:03 AM1/25/08
to

aoks...@gmail.com

unread,
Jan 25, 2008, 10:49:09 AM1/25/08
to
On Jan 25, 9:45 am, Andreas Prilop <aprilop2...@trashmail.net> wrote:

> On Fri, 25 Jan 2008, aoksi...@gmail.com wrote:
> > L. 508 Standards, Section 1194.22,
>
> Did you know that there are countries other than the United States?
>
> --
> Top-posting.
> What's the most irritating thing on Usenet?

Duh, and your point is.

Daniel

Jukka K. Korpela

unread,
Jan 25, 2008, 11:47:42 AM1/25/08
to
Scripsit Andreas Prilop:

> On Fri, 25 Jan 2008, aoks...@gmail.com wrote:
>
>> L. 508 Standards, Section 1194.22,
>
> Did you know that there are countries other than the United States?

The more serious part of this is that Section 508, as well as W3C WAI
recommendations, contain several items that are not just plain clueless
but also hostile to accessibility.

People who quote them as such typically have no idea of disabled
people's real needs, or ways to help them. It is not uncommon to see
such recommendations stronly presented and promoted in documents that
themselves strongly violate them (including those parts that would
really increase accessibility).

Andy Dingley

unread,
Jan 25, 2008, 1:31:34 PM1/25/08
to
On 25 Jan, 15:33, VK <schools_r...@yahoo.com> wrote:

> <FYI>
> heavily outdated b.s. from early 90's

Oh VK, and you were doing so _well_! Yesterday you posted something
that was sensible and useful. Maybe it was just HipCrime?

Andy Dingley

unread,
Jan 25, 2008, 1:33:02 PM1/25/08
to
On 25 Jan, 15:47, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:

A site which uses client-side JS to display a "disclaimer"!
http://www.access-board.gov/js/disclaimer.js

Noow _that's_ real genius!

Ed Jay

unread,
Jan 25, 2008, 1:53:30 PM1/25/08
to
Andy Dingley scribed:

'Noow,' _that's_ real genius. :-)))

Didn't you notice it's a government site? What did you expect? ;-) ;-)

--
Ed Jay (remove 'M' to respond by email)

aoks...@gmail.com

unread,
Jan 25, 2008, 2:05:06 PM1/25/08
to
On Jan 25, 12:33 pm, Andy Dingley <ding...@codesmiths.com> wrote:
> On 25 Jan, 15:47, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
>
> > More info on 508 standards
>
> >http://www.access-board.gov/sec508/guide/1194.22.htm
>
> A site which uses client-side JS to display a "disclaimer"!http://www.access-board.gov/js/disclaimer.js

>
> Noow _that's_ real genius!

Anything can be taken way, way, way to far; however, the OP is only
wanting to announce why the page functionality is limited which is a
good practice.

Some people might not be aware that JavaScript has been disabled on
the computer they are using and are left wondering what is up with the
web site. Another purpose to noscript tags especially for navigation,
is to provide an alternative means of navigation or to replace
whatever the script function is with a noscript alternative.

One significant reason for disabling JavaScript when browsing the
Internet is that it is a definite security hazard to the user if they
have JavaScript enabled. There is a lot of malicious code on web
sites that uses JavaScript to infect the user's computer with
malicious code.

Also if you take a current college level course in web design it is
still recommended that noscript tags be used. Even if it wasn't
recommended by most, if not all, reputable web design experts, it is
still the right thing to do.

Daniel

http://a-ok-site.com

Ed Jay

unread,
Jan 25, 2008, 2:21:12 PM1/25/08
to
aoks...@gmail.com scribed:

>One significant reason for disabling JavaScript when browsing the
>Internet is that it is a definite security hazard to the user if they
>have JavaScript enabled. There is a lot of malicious code on web
>sites that uses JavaScript to infect the user's computer with
>malicious code.
>

Please elaborate by providing an example of how js can be used to compromise
a user's computer with malicious code.

aoks...@gmail.com

unread,
Jan 25, 2008, 2:35:59 PM1/25/08
to
On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
> aoksi...@gmail.com scribed:

You have to be kidding. If you need examples, visit
http://groups.google.com/group/stopbadware or http://www.stopbadware.org/home.

Daniel

http://a-ok-site.com

aoks...@gmail.com

unread,
Jan 25, 2008, 2:40:01 PM1/25/08
to

Sorry, I really thought you were kidding. But your post to the other
group http://groups.google.com/group/comp.lang.javascript/topics shows
you weren't. Take some time and check out the stopbadware group it
has a lot of great info.

Daniel

http://a-ok-site.com

Ed Jay

unread,
Jan 25, 2008, 2:42:52 PM1/25/08
to
aoks...@gmail.com scribed:

No, I'm not kidding, and the sites you cite do not confirm your assertion.

aoks...@gmail.com

unread,
Jan 25, 2008, 2:46:48 PM1/25/08
to
On Jan 25, 1:42 pm, Ed Jay <ed...@aes-intl.com> wrote:
> aoksi...@gmail.com scribed:
>
>
>
> >On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
> >> aoksi...@gmail.com scribed:
>
> >> >One significant reason for disabling JavaScript when browsing the
> >> >Internet is that it is a definite security hazard to the user if they
> >> >have JavaScript enabled. There is a lot of malicious code on web
> >> >sites that uses JavaScript to infect the user's computer with
> >> >malicious code.
>
> >> Please elaborate by providing an example of how js can be used to compromise
> >> a user's computer with malicious code.
> >> --
> >> Ed Jay (remove 'M' to respond by email)
>
> >You have to be kidding. If you need examples, visit
> >http://groups.google.com/group/stopbadwareorhttp://www.stopbadware.org/home.

>
> No, I'm not kidding, and the sites you cite do not confirm your assertion.
> --
> Ed Jay (remove 'M' to respond by email)

If that is what you think, go ahead because evidently you didn't look
at any of the strings. I could care less either way.

Daniel

aoks...@gmail.com

unread,
Jan 25, 2008, 2:50:03 PM1/25/08
to
On Jan 25, 1:42 pm, Ed Jay <ed...@aes-intl.com> wrote:
> aoksi...@gmail.com scribed:
>
>
>
> >On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
> >> aoksi...@gmail.com scribed:
>
> >> >One significant reason for disabling JavaScript when browsing the
> >> >Internet is that it is a definite security hazard to the user if they
> >> >have JavaScript enabled. There is a lot of malicious code on web
> >> >sites that uses JavaScript to infect the user's computer with
> >> >malicious code.
>
> >> Please elaborate by providing an example of how js can be used to compromise
> >> a user's computer with malicious code.
> >> --
> >> Ed Jay (remove 'M' to respond by email)
>
> >You have to be kidding. If you need examples, visit
> >http://groups.google.com/group/stopbadwareorhttp://www.stopbadware.org/home.

>
> No, I'm not kidding, and the sites you cite do not confirm your assertion.
> --
> Ed Jay (remove 'M' to respond by email)

Here is one quick example for users that want to learn
http://groups.google.com/group/stopbadware/browse_thread/thread/dc2956dd65586b83

Daniel

Ed Jay

unread,
Jan 25, 2008, 2:53:18 PM1/25/08
to
aoks...@gmail.com scribed:

You have good eyes, but my post to the js group is intended to start a
discussion, not to answer the base question. As I said in my query there, I
believe your statement to be false, i.e., js cannot be used to infect a
user's machine without the user's express permission.

I checked the stopbadware group. They're not talking about js being used to
infect a user's machine. They're talking about js being injected into
existing sites (hacking). They talk about badware on a user's machine, but
that badware has to be downloaded and executed, e.g., an attachment, exe
file, or packaged clandestinely with another application.

AFAIK, your statement is an artifact from years past when it was incorrectly
propagated that js was a security risk. It isn't (afaik).

aoks...@gmail.com

unread,
Jan 25, 2008, 2:53:59 PM1/25/08
to
On Jan 25, 1:42 pm, Ed Jay <ed...@aes-intl.com> wrote:
> aoksi...@gmail.com scribed:
>
>
>
> >On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
> >> aoksi...@gmail.com scribed:
>
> >> >One significant reason for disabling JavaScript when browsing the
> >> >Internet is that it is a definite security hazard to the user if they
> >> >have JavaScript enabled. There is a lot of malicious code on web
> >> >sites that uses JavaScript to infect the user's computer with
> >> >malicious code.
>
> >> Please elaborate by providing an example of how js can be used to compromise
> >> a user's computer with malicious code.
> >> --
> >> Ed Jay (remove 'M' to respond by email)
>
> >You have to be kidding. If you need examples, visit
> >http://groups.google.com/group/stopbadwareorhttp://www.stopbadware.org/home.

>
> No, I'm not kidding, and the sites you cite do not confirm your assertion.
> --
> Ed Jay (remove 'M' to respond by email)

btw... both of the links that I posted ( http://groups.google.com/group/stopbadware
or http://www.stopbadware.org/home ) are sponsored in part by Google
and Harvard Law School's Berkman Center for Internet & Society in
collaboration with Oxford University's Oxford Internet Institute.

Daniel

http://a-ok-site.com

aoks...@gmail.com

unread,
Jan 25, 2008, 2:57:13 PM1/25/08
to
On Jan 25, 1:53 pm, Ed Jay <ed...@aes-intl.com> wrote:
> aoksi...@gmail.com scribed:
>
>
>
> >On Jan 25, 1:35 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
> >> On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
>
> >> > aoksi...@gmail.com scribed:
>
> >> > >One significant reason for disabling JavaScript when browsing the
> >> > >Internet is that it is a definite security hazard to the user if they
> >> > >have JavaScript enabled. There is a lot of malicious code on web
> >> > >sites that uses JavaScript to infect the user's computer with
> >> > >malicious code.
>
> >> > Please elaborate by providing an example of how js can be used to compromise
> >> > a user's computer with malicious code.
> >> > --
> >> > Ed Jay (remove 'M' to respond by email)
>
> >> You have to be kidding. If you need examples, visithttp://groups.google.com/group/stopbadwareorhttp://www.stopbadware.or....

>
> >> Daniel
>
> >>http://a-ok-site.com
>
> >Sorry, I really thought you were kidding. But your post to the other
> >grouphttp://groups.google.com/group/comp.lang.javascript/topicsshows
> >you weren't. Take some time and check out the stopbadware group it
> >has a lot of great info.
>
> You have good eyes, but my post to the js group is intended to start a
> discussion, not to answer the base question. As I said in my query there, I
> believe your statement to be false, i.e., js cannot be used to infect a
> user's machine without the user's express permission.
>
> I checked the stopbadware group. They're not talking about js being used to
> infect a user's machine. They're talking about js being injected into
> existing sites (hacking). They talk about badware on a user's machine, but
> that badware has to be downloaded and executed, e.g., an attachment, exe
> file, or packaged clandestinely with another application.
>
> AFAIK, your statement is an artifact from years past when it was incorrectly
> propagated that js was a security risk. It isn't (afaik).
> --
> Ed Jay (remove 'M' to respond by email)

It seems funny to me that Google is flagging the web sites as
containing malicious code and that they may cause harm to your
computer.

Daniel

http://a-ok-site.com

Ed Jay

unread,
Jan 25, 2008, 3:03:20 PM1/25/08
to
aoks...@gmail.com scribed:

The opening sentence: "There seems to be two main attack vectors being
targeted at web sites right now." That's web sites, not the user's computer!
I don't think that you can show me an example of a site's js compromising a
user's computer.

While you say you could care less...you seemed to care enough to post
incorrect information, 'supported' by inappropriate citations. :-)

Ed Jay

unread,
Jan 25, 2008, 3:04:59 PM1/25/08
to
aoks...@gmail.com scribed:

Citation please, because that's not what they are saying.

aoks...@gmail.com

unread,
Jan 25, 2008, 3:05:22 PM1/25/08
to
On Jan 25, 2:03 pm, Ed Jay <ed...@aes-intl.com> wrote:
> aoksi...@gmail.com scribed:
>
>
>
> >On Jan 25, 1:42 pm, Ed Jay <ed...@aes-intl.com> wrote:
> >> aoksi...@gmail.com scribed:
>
> >> >On Jan 25, 1:21 pm, Ed Jay <ed...@aes-intl.com> wrote:
> >> >> aoksi...@gmail.com scribed:
>
> >> >> >One significant reason for disabling JavaScript when browsing the
> >> >> >Internet is that it is a definite security hazard to the user if they
> >> >> >have JavaScript enabled. There is a lot of malicious code on web
> >> >> >sites that uses JavaScript to infect the user's computer with
> >> >> >malicious code.
>
> >> >> Please elaborate by providing an example of how js can be used to compromise
> >> >> a user's computer with malicious code.
> >> >> --
> >> >> Ed Jay (remove 'M' to respond by email)
>
> >> >You have to be kidding. If you need examples, visit
> >> >http://groups.google.com/group/stopbadwareorhttp://www.stopbadware.or....

>
> >> No, I'm not kidding, and the sites you cite do not confirm your assertion.
> >> --
> >> Ed Jay (remove 'M' to respond by email)
>
> >Here is one quick example for users that want to learn
> >http://groups.google.com/group/stopbadware/browse_thread/thread/dc295...

>
> The opening sentence: "There seems to be two main attack vectors being
> targeted at web sites right now." That's web sites, not the user's computer!
> I don't think that you can show me an example of a site's js compromising a
> user's computer.
>
> While you say you could care less...you seemed to care enough to post
> incorrect information, 'supported' by inappropriate citations. :-)
> --
> Ed Jay (remove 'M' to respond by email)

You really are pushing it to far the post was not for you it was for
intelligent people. That was just one quick example and I really
could care less what your opinions or thoughts are.

Daniel

Ed Jay

unread,
Jan 25, 2008, 3:07:39 PM1/25/08
to
aoks...@gmail.com scribed:

I saw that, and I'm impressed with the credentials. Nevertheless, they're
talking about hacking into web sites and adding errant js. Again, they're
talking about errand js compromising a web site, not the user's computer.
You are confusing web sites with user's computers.

Read the section about how to stop malware from reaching your computer. It
never once mentions js, let alone disabling js as a preventive measure.

Ed Jay

unread,
Jan 25, 2008, 3:11:57 PM1/25/08
to
aoks...@gmail.com scribed:

You know, I took great care to not attack you about your obvious lack of
reading comprehension skills. I'm sorry you feel an ad hominem strike
against me is going to win your absurd argument. Good bye.

aoks...@gmail.com

unread,
Jan 25, 2008, 3:22:04 PM1/25/08
to

For the people who accept new info here is one link to a direct
infection caused by JavaScript http://groups.google.com/group/stopbadware/browse_thread/thread/5d4187b832224f51
there are many more.

Daniel

http://a-ok-site.com

aoks...@gmail.com

unread,
Jan 25, 2008, 4:05:45 PM1/25/08
to

Ed Jay

unread,
Jan 25, 2008, 4:11:52 PM1/25/08
to
aoks...@gmail.com scribed:

New info? LMAO! The thread is about an infected WEB SITE, not a User's
computer!!! :-))

This 'debate' is exactly why things that should not need to be debated
anymore continue to be debated. Because no matter how many facts you place
in front of someone, no matter how many beliefs are proven to be
nonsensical, they remain intractable and hold on to their false memes...and
add to them. When they are trapped by the facts, they refuse to admit they
were mistaken, and instead resort to ad hominem attacks.

aoks...@gmail.com

unread,
Jan 25, 2008, 4:25:56 PM1/25/08
to
> >infection caused by JavaScripthttp://groups.google.com/group/stopbadware/browse_thread/thread/5d418...

> >there are many more.
>
> New info? LMAO! The thread is about an infected WEB SITE, not a User's
> computer!!! :-))
>
> This 'debate' is exactly why things that should not need to be debated
> anymore continue to be debated. Because no matter how many facts you place
> in front of someone, no matter how many beliefs are proven to be
> nonsensical, they remain intractable and hold on to their false memes...and
> add to them. When they are trapped by the facts, they refuse to admit they
> were mistaken, and instead resort to ad hominem attacks.
> --
> Ed Jay (remove 'M' to respond by email)

You really are an idiot if you think that it is not affecting the
user's computer. There is one person mistaken here and it is you.

Daniel

Ed Jay

unread,
Jan 25, 2008, 4:38:13 PM1/25/08
to
aoks...@gmail.com scribed:

>You really are an idiot

Thank you for illustrating my point.

> if you think that it is not affecting the
>user's computer. There is one person mistaken here and it is you.
>

Yawn. My last post in response to your inability to comprehend what you are
reading.

Beauregard T. Shagnasty

unread,
Jan 25, 2008, 4:57:47 PM1/25/08
to
Ed Jay wrote:

> aoks...@gmail.com scribed:


>
>> Ed Jay <ed...@aes-intl.com> wrote:
>>> aoksi...@gmail.com scribed:
>>

>> For the people who accept new info here is one link to a direct
>> infection caused by JavaScript
>> http://groups.google.com/group/stopbadware/browse_thread/thread/5d4187b832224f51
>> there are many more.
>>
> New info? LMAO! The thread is about an infected WEB SITE, not a User's
> computer!!! :-))

I just read the stopbadware thread listed above, and it sure looks to me
as if it is about the hacking of web sites - *which in turn* - infect
the computers of visitors with inferior browsers and JavaScript enabled.

--
-bts
-No, I haven't been following this entire </noscript> thread

aoks...@gmail.com

unread,
Jan 25, 2008, 5:00:15 PM1/25/08
to
On Jan 25, 3:57 pm, "Beauregard T. Shagnasty"
<a.nony.m...@example.invalid> wrote:
> Ed Jay wrote:
> > aoksi...@gmail.com scribed:

>
> >> Ed Jay <ed...@aes-intl.com> wrote:
> >>> aoksi...@gmail.com scribed:
>
> >> For the people who accept new info here is one link to a direct
> >> infection caused by JavaScript
> >>http://groups.google.com/group/stopbadware/browse_thread/thread/5d418...

> >> there are many more.
>
> > New info? LMAO! The thread is about an infected WEB SITE, not a User's
> > computer!!! :-))
>
> I just read the stopbadware thread listed above, and it sure looks to me
> as if it is about the hacking of web sites - *which in turn* - infect
> the computers of visitors with inferior browsers and JavaScript enabled.
>
> --
> -bts
> -No, I haven't been following this entire </noscript> thread

Thank you.

Daniel

Ed Jay

unread,
Jan 25, 2008, 5:22:02 PM1/25/08
to
Beauregard T. Shagnasty scribed:

That's not quite how I read it. I'd have said that errant js on hacked web
sites can result in naughty files being downloaded, instead of the desired
file, and when the naughty file is executed by the user, it may infect the
user's computer. It is not the js that compromises the user's machine.

aoks...@gmail.com

unread,
Jan 25, 2008, 6:39:06 PM1/25/08
to
On Jan 25, 4:22 pm, Ed Jay <ed...@aes-intl.com> wrote:
> Beauregard T. Shagnasty scribed:
>
>
>
> >Ed Jay wrote:
>
> >> aoksi...@gmail.com scribed:

>
> >>> Ed Jay <ed...@aes-intl.com> wrote:
> >>>> aoksi...@gmail.com scribed:
>
> >>> For the people who accept new info here is one link to a direct
> >>> infection caused by JavaScript
> >>>http://groups.google.com/group/stopbadware/browse_thread/thread/5d418...

> >>> there are many more.
>
> >> New info? LMAO! The thread is about an infected WEB SITE, not a User's
> >> computer!!! :-))
>
> >I just read the stopbadware thread listed above, and it sure looks to me
> >as if it is about the hacking of web sites - *which in turn* - infect
> >the computers of visitors with inferior browsers and JavaScript enabled.
>
> That's not quite how I read it. I'd have said that errant js on hacked web
> sites can result in naughty files being downloaded, instead of the desired
> file, and when the naughty file is executed by the user, it may infect the
> user's computer. It is not the js that compromises the user's machine.
> --
> Ed Jay (remove 'M' to respond by email)

Please read this

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FIESLICE%2EAQ&VSect=T

and this

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5FIESLICE%2EAQ&VSect=Sn

It more clearly states the issue.

Daniel

http://a-ok-site.com

Ed Jay

unread,
Jan 25, 2008, 7:13:03 PM1/25/08
to
aoks...@gmail.com scribed:

Thanks, but I'm not sure I understand. The citation says, and I paraphrase
for brevity:
>>>
>This malicious JavaScript is hosted on a Web site and runs when a user accesses the said Web site.

Yup

>This malicious JavaScript accesses the following URL to download files:

Yup

>It takes advantage of the following software vulnerabilities:
><snip> All ActiveX exploits

ActiveX exploits... I understand the security issues with ActiveX

>Upon successful exploit, the system is redirected to the following Web site to download a malicious file

OK

>It saves the downloaded files..

OK

>It then executes the downloaded files. As a result, malicious routines of the downloaded files are exhibited on the affected system.
>>>
To my knowledge, the only way that js can execute a local file is either
with user permission, or by exploiting security holes in either the browser
(IE is infamous) or the ActiveX controls. Google 'javascript "execute local
files"' for an explanation.

I conclude that js isn't the problem, but poor browser design and those
lovely ActiveX controls are (forgetting those who execute files they
shouldn't). Hence, your original statement

>One significant reason for disabling JavaScript when browsing the
>Internet is that it is a definite security hazard to the user if they
>have JavaScript enabled. There is a lot of malicious code on web
>sites that uses JavaScript to infect the user's computer with
>malicious code.

is true only if the user's system is already compromised.

aoks...@gmail.com

unread,
Jan 25, 2008, 7:17:15 PM1/25/08
to
On Jan 25, 6:13 pm, Ed Jay <ed...@aes-intl.com> wrote:
> aoksi...@gmail.com scribed:

>
>
>
> >On Jan 25, 4:22 pm, Ed Jay <ed...@aes-intl.com> wrote:
> >> Beauregard T. Shagnasty scribed:
>
> >> >Ed Jay wrote:
>
> >> >> aoksi...@gmail.com scribed:
>
> >> >>> Ed Jay <ed...@aes-intl.com> wrote:
> >> >>>> aoksi...@gmail.com scribed:
>
> >> >>> For the people who accept new info here is one link to a direct
> >> >>> infection caused by JavaScript
> >> >>>http://groups.google.com/group/stopbadware/browse_thread/thread/5d418...
> >> >>> there are many more.
>
> >> >> New info? LMAO! The thread is about an infected WEB SITE, not a User's
> >> >> computer!!! :-))
>
> >> >I just read the stopbadware thread listed above, and it sure looks to me
> >> >as if it is about the hacking of web sites - *which in turn* - infect
> >> >the computers of visitors with inferior browsers and JavaScript enabled.
>
> >> That's not quite how I read it. I'd have said that errant js on hacked web
> >> sites can result in naughty files being downloaded, instead of the desired
> >> file, and when the naughty file is executed by the user, it may infect the
> >> user's computer. It is not the js that compromises the user's machine.
> >> --
> >> Ed Jay (remove 'M' to respond by email)
>
> >Please read this
>
> >http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5F...
>
> >and this
>
> >http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=JS%5F...

Ed Jay,

The past few posts and any future posts are not intended for you.
They are intended for everyone else that might find this new type of
malicious code / exploit of interest.

Best Wishes,

Daniel


http://a-ok-site.com

Beauregard T. Shagnasty

unread,
Jan 25, 2008, 7:30:31 PM1/25/08
to
Ed Jay wrote:

It is the js that causes the naughty file to be downloaded. Why is that
hard for you to understand? (If it's an ActiveX control/file, and you
are using Internet Exploder, you've been had.)

--
-bts
-Friends don't let friends drive Vista

Ed Jay

unread,
Jan 25, 2008, 8:04:15 PM1/25/08
to
Beauregard T. Shagnasty scribed:

I understand fully that it's the js that causes the file to be downloaded. I
also understand that js can execute a local file only on an already
compromised system. Call me pedantic if you must, but javascript cannot do
anything bad to a user's computer that has not been otherwise compromised.
If the system is already compromised, excepting for the moment, disabling
javascript does not fix the problem anymore than taking an aspirin is going
to cure a disease that causes a headache.

I'm not using IE or ActiveX controls with their known security issues. My
system is adequately protected against viruses, trojans worms, etc. Should I
disable js on my browser because js is a security issue with aberrant
machines? I don't think so.

Ed Jay

unread,
Jan 25, 2008, 8:20:44 PM1/25/08
to
aoks...@gmail.com scribed:

>The past few posts and any future posts are not intended for you.
>They are intended for everyone else that might find this new type of
>malicious code / exploit of interest.
>
>Best Wishes,
>

Thanks, Daniel, but I'd assume that with little exception, the participants
in this NG have taken appropriate steps to maintain the integrity of their
computers, and don't worry needlessly over some errant site infecting them.
But, please continue with your quest to disseminate misinformation. With the
writers still on strike, it's refreshing to read your new jokes.

Message has been deleted

Ed Jay

unread,
Jan 25, 2008, 9:40:21 PM1/25/08
to
aoks...@gmail.com scribed:

>BM
>
lol. You've already shown us your lack of intellectual skills, although I
must admit that your responses clearly illustrate your ability to ignore the
humiliation of self-proclaimed ineptitude. But, why compound your
self-denigration by demonstrating your childish nature? Rest assured that
your contributions are given the respect they so richly deserve.

VK

unread,
Jan 26, 2008, 12:10:30 PM1/26/08
to
On Jan 25, 6:41 pm, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
> The previous posts are ridiculous and made by people that have little
> or knowledge of valid coding of web pages, so the OP needs to
> disregard their posts and follow accepted procedures.

Kindly asking to keep you mouth shut until there is something wise to
say.

> L. 508 Standards, Section 1194.22

Before quoting any law it is wide to check what kind of law is that
and to what domain does it apply. I already explained in this NG the
508 hoax several times, but maybe it is time to do once again:

"Section 508 requires that Federal agencies' electronic and
information technology is accessible to people with disabilities. IT
Accessibility & Workforce Division, in the U.S. General Services
Administration's Office of Governmentwide Policy, has been charged
with the task of educating Federal employees and building the
infrastructure necessary to support Section 508 implementation. Using
this web site, Federal employees and the public can access resources
for understanding and implementing the requirements of Section 508."
(http://www.section508.gov)

Can you see any difference between a federal US facility and a dotcom
site? I guess not.


Message has been deleted

owo...@gmail.com

unread,
Jan 28, 2008, 9:43:35 PM1/28/08
to
On Jan 25, 12:33 pm, Andy Dingley <ding...@codesmiths.com> wrote:
> On 25 Jan, 15:47, "aoksi...@gmail.com" <aoksi...@gmail.com> wrote:
>
> > More info on 508 standards
>
> >http://www.access-board.gov/sec508/guide/1194.22.htm
>
> A site which uses client-side JS to display a "disclaimer"!http://www.access-board.gov/js/disclaimer.js
>
> Noow _that's_ real genius!


The real genius would be to figure how the hell somebody as stupid as
you makes it in the world.

Nisse Engström

unread,
Jan 29, 2008, 7:38:37 AM1/29/08
to
On Fri, 25 Jan 2008 11:21:12 -0800, Ed Jay wrote:

> aoks...@gmail.com scribed:
>

>>One significant reason for disabling JavaScript when browsing the
>>Internet is that it is a definite security hazard to the user if they
>>have JavaScript enabled. There is a lot of malicious code on web
>>sites that uses JavaScript to infect the user's computer with
>>malicious code.
>>

> Please elaborate by providing an example of how js can be used to compromise

> a user's computer with malicious code.

Search for "Javascript" on <http://secunia.com/search/>
and similar sites. Some examples (note the proposed
solution in the first one):


<http://secunia.com/advisories/27427/>:

"Description:
Sun has acknowledged some vulnerabilities in Mozilla 1.7 for
Sun Solaris, which potentially can be exploited by malicious
people to compromise a user's system.
...
Solution:
The vendor recommends disabling the JavaScript support. Please
see the vendor's advisory for details."


<http://secunia.com/advisories/26477/>:

"Description:
A vulnerability has been reported in Opera, which potentially
can be exploited by malicious people to compromise a user's
system.

The vulnerability is caused due to an unspecified error when
processing JavaScript code and can result in a virtual function
call using an invalid pointer. This can be exploited to execute
arbitrary code by e.g. tricking a user into visiting a malicious
website."


<http://secunia.com/advisories/26287/>:

"Description:
Some vulnerabilities have been reported in Apple iPhone, which
can be exploited by malicious people to conduct cross-site
scripting and spoofing attacks, and potentially to compromise
a vulnerable system.
...
2) A boundary error in the Perl Compatible Regular Expressions
(PCRE) library used by the Javascript engine in Safari can be
exploited to cause a heap-based buffer overflow when a user
visits a malicious web page.

Successful exploitation may allow execution of arbitrary code."


/Nisse

Ed Jay

unread,
Jan 29, 2008, 11:07:23 AM1/29/08
to
Nisse Engström scribed:

Compromised integrity due to vulnerabilities, i.e., security holes, in
browsers are not the fault of javascript.

Chris Morris

unread,
Jan 29, 2008, 11:46:31 AM1/29/08
to
Ed Jay <ed...@aes-intl.com> writes:
> Compromised integrity due to vulnerabilities, i.e., security holes, in
> browsers are not the fault of javascript.

Compare this to lying on a road in the middle of the night wearing
dark clothing. You might get hit by a car or two, but that means that
cars are dangerous, not the road. Nevertheless, sensible people rarely
lie down on roads.

If you have to disable your browser's Javascript interpreter because
it has security bugs (and the record suggests that the interpreters in
all major browsers are likely to contain significant undiscovered
bugs) that a malicious site might use to take over your computer, then
the fact that the Javascript itself is perfectly safe is irrelevant.

--
Chris

Ed Jay

unread,
Jan 29, 2008, 12:14:59 PM1/29/08
to
Chris Morris scribed:

>Ed Jay <ed...@aes-intl.com> writes:
>> Compromised integrity due to vulnerabilities, i.e., security holes, in
>> browsers are not the fault of javascript.
>
>Compare this to lying on a road in the middle of the night wearing
>dark clothing. You might get hit by a car or two, but that means that
>cars are dangerous, not the road. Nevertheless, sensible people rarely
>lie down on roads.

Terrible analogy. :-)


>
>If you have to disable your browser's Javascript interpreter because
>it has security bugs (and the record suggests that the interpreters in
>all major browsers are likely to contain significant undiscovered
>bugs) that a malicious site might use to take over your computer, then
>the fact that the Javascript itself is perfectly safe is irrelevant.

It's relevant to the OP.

0 new messages