Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Ongoing interest in Javascript issues

Published: 2007-03-16
Last Updated: 2007-03-16 23:48:20 UTC
by William Stearns (Version: 1)
0 comment(s)
    A number of today's posts to the handler's list were related to Swa Frantzen's "Javascript hiding everywhere" post.  The fact that javascript can be used, as he mentioned, to capture keystrokes or upload files should be cause for concern and reason to disable javascript whenever possible.
    I too have used the Noscript extension with firefox for a long time.  It allows me to enable javascript for the few trusted web sites that need it and disable it by default for all other sites.  Recommended.
    A few web sites try to force viewers to enable javascript by making their home page something like:
[script language="JavaScript"]
window.location.href = "index.php";
[/script]
    By simply looking at the source for the home page, one can figure out that index.php is where the web site lies, and sure enough, the remainder of the web site comes up just fine without javascript.
    -- Bill, http://www.stearns.org/
Keywords:
0 comment(s)
Diary Archives