Beefy Boxes and Bandwidth Generously Provided by pair Networks
Pathologically Eclectic Rubbish Lister
 
PerlMonks  

Re^2: Sharing JS-Code on perlmonks.org

by LanX (Saint)
on May 19, 2009 at 09:48 UTC ( [id://764876]=note: print w/replies, xml ) Need Help??


in reply to Re: Sharing JS-Code on JS
in thread Sharing JS-Code on perlmonks.org

oops... wow that's much easier than what I figured out. (silly me! : )

The following code in my free nodelet loaded and executed code from my scratchpad:

<h5>embeddingtest</h5> <!-- <script> function evalFrame(iframe) { var html =iframe.contentDocument.body.innerHTML; html=html.replace(/^<pre>/,""); html=html.replace(/<\/pre>$/,""); eval(html) } </script> <iframe name="embed" height=30 width=150 onload="evalFrame(this)" styl +e="display:none" src="index.pl?abspart=1;displaytype=displaycode;node +_id=708739;viewmode=public;part=1"></iframe>

(my example code changes the title of the window, without stopping the build up of the page like alert() does)

just some notes:

1. With my method I needed to truncate some html-code, now I realize that it's the browser who inserted this code by itself.
2. "viewmode=public;" was necessary for me because sometimes the server choosed my private scratchpad instead.
3. The extra request slows down the browser and server.
4. IMHO you don't need jQuery for XmlHttpRequests, why do you think so?

Why do you consider sharing JS-code as a risk? An intruder can only manipulate pages within the perlmonks sandbox not my online banking. IMHO using opensource software is a much higher risk...

Cheers Rolf

Replies are listed 'Best First'.
Re^3: Sharing JS-Code on perlmonks.org
by Corion (Patriarch) on May 19, 2009 at 10:02 UTC

    I consider embedding JS from a third party source a risk because you don't control said third party - especially anybody who steals the login of said third party can then execute code as you on your machine under the security context of perlmonks.org, potentially wiping all your nodes or worse.

    If you don't want the extra request to "slow down" your browser, you can try making the request to a different domain than the "main" Perlmonks domain you're using. Alternatively, you can of course put the Javascript onto a different machine that serves static files and hence might be faster.

    I like jQuery because it encapsulates XmlHttpRequest into something that works with less pain than me having to dive into the incompatibilities between browsers and potentially having to write a poll loop. Also, I like the way jQuery allows DOM manipulation, hence I don't write my own Javascript for that anymore but use a library.

      OK hijacking the account may be easier than manipulating sourceforge...

      Well, JQuery needs gzipped about 19kb, so it's by itself a candidate for an embedded external JS...

      But I see your point.

      Cheers Rolf

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://764876]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others examining the Monastery: (8)
As of 2024-03-28 15:02 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found