Beefy Boxes and Bandwidth Generously Provided by pair Networks
Your skill will accomplish
what the force of many cannot
 
PerlMonks  

Re: use PerlScript && die;

by pmas (Hermit)
on Sep 04, 2001 at 20:59 UTC ( #110084=note: print w/replies, xml ) Need Help??


in reply to use PerlScript && die;

I read a lot about dangerous JavaScript and want to avoid it. However, I need to persuade my group, and they are not scared yet. Can you please suggest some links to nice scary "horror stories" about what can go wrong if JavaScript/PerlScript is enabled? Or some web site with this kind of info? Thanks!

pmas
To make errors is human. But to make million errors per second, you need a computer.

Replies are listed 'Best First'.
Re(2): use PerlScript && die;
by dmmiller2k (Chaplain) on Sep 10, 2001 at 17:36 UTC

    For an example of Javascript that blew me away, see this.

    It is a Powerpoint 2000 presentation, simply saved "As a Web Page." The result was an html file named for the presentation, and a directory of files (*.html, *.js, *.gif & *.jpg), which completely implement the presentation using client-side (javascript) code!

    Perhaps it's because I rarely, if ever, need Powerpoint for anything, but I had no idea such sophistication was possible without server-side (i.e., Perl) support.

    This is a completely automated (read: accessible to the masses) feature. It scales the images dynamically to the available browser window size, supports on-screen controls for navigating the presentation, an outline frame and the ability to turn it off. The part that floored me was that simply by opening the root HTML file on my C: drive (repeat: no web server involvement!), the full presentation was available in my browser!. In IE 5 or better, you get a button (lower-right) that runs the slide show full screen.

    It puts to shame my own little concoction which I threw together for my sons' school in order to display the computer artwork produced by the class (see: Turtle Pictures, or Family Pictures).

    OK, so perhaps it doesn't write to the file system or do anything (apparently) malicious. But this is machine-generated canned code, untouched by programmers' hands (mine anyway). Until I saw this, I would have assumed that such a thing was only possible with CGI or its ilk (JSP, java servlets, ASP, or other server-side technologies). I shudder to think about the level of sophistication possible in skilled hands (read: spoofing unsuspecting users into providing otherwise-off-limits access to theirs files and machine).

    (In case you're wondering:
    Recently, a close friend passed away, well-loved and respected by a large group of family, friends and professional associates. A gala celebrating her life was held, at which a slide show ran showcasing pictures documenting her life. I became involved by volunteering to find a place to host it online.)

    dmm

    Just call me the Anti-Gates ...
    

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://110084]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (2)
As of 2022-05-28 19:17 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you prefer to work remotely?



    Results (101 votes). Check out past polls.

    Notices?