Archive for the ‘Javascript’ Category

Control HTML without javascript

Wednesday, September 1st, 2010 by Rafael Corral

This is something I have known about for a long time. It is advanced and can mostly be used for Cross Site Request Forgeries (CSRF). Not that I condone these, but the best way to defend yourself against hackers is by knowing as much as they do.

In some cases users turn JavaScript off in their browsers (I do) for security reasons. HTML has just about no scripting capabilities if you discard the FOR attribute on the LABEL tag. It is possible to trick a user into submitting a form simply by having them highlight text on a page. The FOR attribute binds a label to another element, which is some sort of scripting, I guess.


Hardcore Javascript browser & computer fingerprinting

Thursday, February 18th, 2010 by Rafael Corral

This post contains a POC (proof of concept) showing how to detect whether a user is on the same computer they have used before. This can be useful if you want to register a user’s computer for a certain functionality that your website may have. It can also be used to only allow one computer to view private content of a site and has many other applications aside from being really cool!

The way the script works, it has functions to retrieve the following:

  • Browser type
  • Display width & height, color depth and available height
  • The plugins that are installed on the browser
  • The operating system the browser is running on


Fix the sIFR bug when logged in (UPDATED!)

Wednesday, May 14th, 2008 by Jonathan Shroyer

I ran into a strange bug today while implementing sIFR into Joomla!. Everything looked great until I logged into the front-end. Then the titles showed this:

Contact Us <!– function olMouseMove(e) { var e = e ? e : event; if (e.pageX) { o3_x = e.pageX; o3_y = e.pageY; } else if (e.clientX) { o3_x = eval(”e.clientX+o3_frame.” + docRoot + “.scrollLeft”); o3_y = eval(”e.clientY+o3_frame.” + docRoot + “.scrollTop”); } if (o3_allowmove == 1) {runHook(”placeLayer”,FREPLACE);if(olHideForm)hideSelectBox(); } if (hoveringSwitch && !olNs4 && runHook(”cursorOff”, FREPLACE)) { olHideDelay ? hideDelay(olHideDelay) : cClick(); hoveringSwitch = !hoveringSwitch; } } //–>

After many hours of frustration, we finally came up with a fix!

The error comes from a conflict between sIFR and OverLIB, so we just disabled OverLIB. To do this you have to open the base index.php file in the root directory. Go to line 214 and change FALSE to TRUE.


// set for overlib check
$mainframe->set( 'loadOverlib', true );

Your site will now display sIFR correctly when logged in.

UPDATE:

While we realized that turning off OverLIB was not a good idea, we didn’t have any better alternatives… until now! The problem was caused by the fact that Joomla! loads the front-end edit button inside the div with the class “contentheading,” which is translated by sIFR. To solve this, you have to edit com_content/content.html.php to move the edit button into a separate <td> so that it’s in line with the pdf/email/print buttons (and out of the contentheading div).

Thanks to Mike at mike.simbunch.com for sharing this fix with us.

Close Window

Monday, June 5th, 2006 by Steven Pignataro

Many people come across this issue with popup windows when they want to give the user a close button instead of the X up at the top.

You can easily and quickly achieve this just by adding a link with an ‘href’ attribute.

The following code is a sample, so customize it to whatever you need.


<a target="_top" href="javascript:window.close()">Close Window</a>