http://qs321.pair.com?node_id=110084


in reply to use PerlScript && die;

I read a lot about dangerous JavaScript and want to avoid it. However, I need to persuade my group, and they are not scared yet. Can you please suggest some links to nice scary "horror stories" about what can go wrong if JavaScript/PerlScript is enabled? Or some web site with this kind of info? Thanks!

pmas
To make errors is human. But to make a million errors per second, you need a computer.

Re(2): use PerlScript && die;
by dmmiller2k (Chaplain) on Sep 10, 2001 at 17:36 UTC

    For an example of Javascript that blew me away, see this.

    It is a Powerpoint 2000 presentation, simply saved "As a Web Page." The result was an html file named for the presentation, and a directory of files (*.html, *.js, *.gif & *.jpg), which completely implement the presentation using client-side (javascript) code!

    Perhaps it's because I rarely, if ever, need Powerpoint for anything, but I had no idea such sophistication was possible without server-side (i.e., Perl) support.

    This is a completely automated (read: accessible to the masses) feature. It scales the images dynamically to the available browser window size, supports on-screen controls for navigating the presentation, an outline frame and the ability to turn it off. The part that floored me was that simply by opening the root HTML file on my C: drive (repeat: no web server involvement!), the full presentation was available in my browser! In IE 5 or better, you get a button (lower-right) that runs the slide show full screen.

    It puts to shame my own little concoction which I threw together for my sons' school in order to display the computer artwork produced by the class (see: Turtle Pictures, or Family Pictures).

    OK, so perhaps it doesn't write to the file system or do anything (apparently) malicious. But this is machine-generated canned code, untouched by programmers' hands (mine anyway). Until I saw this, I would have assumed that such a thing was only possible with CGI or its ilk (JSP, Java servlets, ASP, or other server-side technologies). I shudder to think about the level of sophistication possible in skilled hands (read: spoofing unsuspecting users into providing otherwise-off-limits access to their files and machine).

    (In case you're wondering:
    Recently, a close friend passed away, well-loved and respected by a large group of family, friends and professional associates. A gala celebrating her life was held, at which a slide show ran showcasing pictures documenting her life. I became involved by volunteering to find a place to host it online.)

    dmm

    Just call me the Anti-Gates ...
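The behaviour dmmiller2k describes above (image scaling to the window, next/previous navigation, a toggleable outline frame, all running from a local file with no server) is ordinary client-side logic. The block below is an added example written for this page, not code from the thread or from the PowerPoint export; `fitToViewport`, `Slideshow` and the sample deck are this example's own names and constructed data. The core is plain functions so it runs unchanged in Node; the browser wiring at the end only activates when a DOM is present.

```javascript
// Added example (not from the original thread): the core of a client-side
// slide show of the kind a "Save as Web Page" export produces. Nothing here
// needs a web server; opened from file:// it behaves the same.

// Scale an image to fit inside a viewport while keeping its aspect ratio
// (the "scales the images dynamically to the window size" behaviour).
function fitToViewport(img, viewport) {
  if (img.width <= 0 || img.height <= 0 || viewport.width <= 0 || viewport.height <= 0) {
    throw new RangeError("dimensions must be positive");
  }
  const scale = Math.min(viewport.width / img.width, viewport.height / img.height);
  return {
    width: Math.floor(img.width * scale),
    height: Math.floor(img.height * scale),
    scale,
  };
}

// Navigation state. Clamps at both ends rather than wrapping, and maps the
// keys a typical viewer uses (Space/Right/PageDown = next, Left/PageUp = previous).
class Slideshow {
  constructor(slides) {
    if (!Array.isArray(slides) || slides.length === 0) {
      throw new RangeError("need at least one slide");
    }
    this.slides = slides;
    this.index = 0;
    this.outlineVisible = true; // the outline frame "and the ability to turn it off"
  }
  get current() { return this.slides[this.index]; }
  next() { if (this.index < this.slides.length - 1) this.index++; return this.current; }
  prev() { if (this.index > 0) this.index--; return this.current; }
  first() { this.index = 0; return this.current; }
  last() { this.index = this.slides.length - 1; return this.current; }
  toggleOutline() { this.outlineVisible = !this.outlineVisible; return this.outlineVisible; }
  handleKey(key) {
    switch (key) {
      case " ": case "ArrowRight": case "PageDown": return this.next();
      case "ArrowLeft": case "PageUp": return this.prev();
      case "Home": return this.first();
      case "End": return this.last();
      default: return this.current;
    }
  }
  // Layout for the current slide: the image gets the viewport minus the
  // outline frame while the outline is shown, the whole viewport otherwise.
  layout(viewport, outlineWidth = 200) {
    const imgArea = {
      width: this.outlineVisible ? viewport.width - outlineWidth : viewport.width,
      height: viewport.height,
    };
    return { slide: this.current.title, image: fitToViewport(this.current.image, imgArea) };
  }
}

// Constructed sample deck (assumption: three slides with known image sizes).
const SAMPLE_DECK = [
  { title: "Title", image: { width: 1024, height: 768 } },
  { title: "Agenda", image: { width: 800, height: 600 } },
  { title: "Photos", image: { width: 1600, height: 400 } },
];

// Browser wiring: only runs when a DOM exists, so the logic above stays testable in Node.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const show = new Slideshow(SAMPLE_DECK);
  const redraw = () => {
    const l = show.layout({ width: window.innerWidth, height: window.innerHeight });
    const img = document.getElementById("slide"); // assumed <img id="slide"> in the page
    if (img) {
      img.style.width = l.image.width + "px";
      img.style.height = l.image.height + "px";
    }
    document.title = l.slide;
  };
  window.addEventListener("keydown", (e) => { show.handleKey(e.key); redraw(); });
  window.addEventListener("resize", redraw);
  redraw();
}

if (typeof module !== "undefined") {
  module.exports = { fitToViewport, Slideshow, SAMPLE_DECK };
}
```

The scaling and navigation are the whole of what the generated viewer needs from the client; everything else in such an export is markup and images. That is also why the poster's closing worry is the right one: the same script access that repaints a slide on resize is available to any page the browser opens, local or remote, with scripting enabled.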