Defense of JavaScript!
This page was written in response to the argument at http://www.scoopy.com/secure.htm that JavaScript steals your AUTOEXEC.BAT (or any other file that the writer wants). This, while perhaps possible, is not the case with the code used in the above page. The writer simply uses an HTML META refresh tag to make the visitor's browser open the local AUTOEXEC.BAT file through a file: URL. The browser reads that file from the visitor's own disk and displays it; nothing in the page sends its contents anywhere, so the file never actually leaves the local computer. This seems to be an attempt to scare people into not using/enabling JavaScript. All the JavaScript contained in the page is for initializing a counter and displaying a banner. The full source of the page is as follows:
<!-- Quoted source of the "Security" demonstration page. The navigation to the
     local file is done by the META refresh tag in the HEAD, not by script. The
     two script blocks only drive an elapsed-time field and a scrolling banner;
     neither one reads a file or builds a request. -->
<HTML>
<HEAD>
<TITLE>Security</TITLE>
<!-- After 10 seconds the browser itself is told to navigate to a file: URL on
     the visitor's own C: drive. This is plain HTML and works with scripting
     disabled. CONTENT says 10 seconds, although the banner text below says 30. -->
<META HTTP-EQUIV="REFRESH" CONTENT="10; URL=file:///c|/autoexec.bat">
<script>
// Stopwatch: records the load time once, then reports seconds elapsed since then.
startday = new Date();
clockStart = startday.getTime();
// Returns the elapsed time in seconds (fractional) since clockStart.
// It is invoked as a plain function call in getSecs(), so `this` is not a
// stopwatch object; in a non-strict browser script it would be the global
// object, making diffSecs a global property.
function initStopwatch() {
  var myTime = new Date();
  var timeNow = myTime.getTime();
  var timeDiff = timeNow - clockStart;
  this.diffSecs = timeDiff/1000;
  return(this.diffSecs);
}
// Writes the whole-second part of the elapsed time into form1.timespent and
// re-arms itself every 1000 ms. The only thing it touches is that form field.
function getSecs() {
  var mySecs = initStopwatch();
  var mySecs1 = ""+mySecs;
  // Keeps the text before the decimal point and appends the unit label.
  mySecs1= mySecs1.substring(0,mySecs1.indexOf(".")) + " secs.";
  // No semicolon follows this assignment in the original; the line break is
  // what separates it from the next statement.
  document.form1.timespent.value = mySecs1
  // The string argument is evaluated as code when the timer fires. Here it is
  // a fixed literal, not text assembled from any input.
  window.setTimeout('getSecs()',1000);
}
</script>
<script language="JavaScript">
// Banner text. These are constant strings; nothing here is read from the
// visitor's machine.
var MESSAGE3 = "Security concerns abound on the web ...... For example, if you wait 30 seconds (timed left) I'm going to give you back your autoexec.bat file";
var MESSAGE1 = " .....Don't worry, I haven't done anything destructive .....but it do lead a man to wonder some, don't it? ...... ";
// The line break inside the next literal is reproduced as it appears on this
// page. NOTE(review): a raw newline inside a double-quoted string is not valid
// JavaScript, so this may be an artifact of how the listing was copied; confirm
// against the original page.
var MESSAGE2 = "Don't look back ..... something may be gaining on you... said noted philosopher Satchel Paige ...... Here it comes. No harm can be done, no matter what you choose to do. 
";
var MESSAGE4 = " ";
var MESSAGE = MESSAGE4+ MESSAGE3 + MESSAGE1 + MESSAGE2;
// Scroll rate: the banner timer below fires every 1000/SPEED milliseconds.
var SPEED = 18;
var id,pause=0,position=0;
// Shows a 200-character window of MESSAGE in form2.banner, advances the window
// by one character per tick, and wraps to the start once position reaches the
// end of the message. i and k are declared but not used.
function banner() {
  var i,k,msg=MESSAGE;
  document.form2.banner.value=msg.substring(position,position+200);
  if(position++==msg.length) position=0;
  // String form of setTimeout again, with a fixed literal.
  id=setTimeout("banner()",1000/SPEED);
}
// Pause/resume toggle for the banner timer. No handler visible in this listing
// calls it.
function action() {
  if(!pause) {
    clearTimeout(id);
    pause=1;
  } else {
    banner();
    pause=0;
  }
}
</script>
</HEAD>
<!-- onLoad starts the elapsed-time display 1 ms after the page has loaded. -->
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#000080" VLINK="#008080" ALINK="#FF0000" onLoad="window.setTimeout('getSecs()',1)">
<h1>A brief demonstration</h1><p>
<Table border=0 cellpadding=3 cellspacing=3>
<tr>
<td colspan=2><center>World<img src="earth.gif" align=middle>Wide Web</center></td>
<td colspan=1><center><Img src="secure.gif"></center></td>
</tr>
<tr>
<td colspan=1>The scrolling text will explain this timer.</td>
<!-- form1.timespent is the field getSecs() writes to. -->
<td colspan=1><form name=form1><input size=9 name=timespent></form></td>
<!-- form2.banner is the field banner() writes to; onFocus="blur()" removes
     focus as soon as the field receives it. Neither form has an ACTION or a
     submit control in this listing. -->
<td colspan=1><form name=form2><input type=text name=banner size=75 onFocus="blur()"></form></td>
</tr>
</table>
<!-- Starts the banner scrolling as soon as this point of the page is parsed. -->
<script>
banner();
</script>
<!-- The images and the link below are the only references to other hosts in
     the page (www.serve.com, counter.digits.com, 204.94.67.40). Their URLs are
     fixed strings; no script on this page builds or changes them, so they carry
     nothing read from the visitor's disk. Going by the surrounding labels they
     are presumably hit counters. -->
<p>Count on new server: <img src="http://www.serve.com/cgi-bin/Count.cgi?df=scoop22.dat">
<p>Lifetime count, all pages: <IMG SRC="http://counter.digits.com/wc/-d/4/ScoopStuff" HSPACE=0 VSPACE=0 HEIGHT=16 WIDTH=40 align=bottom>
<p>Unduplicated count</b></font><IMG SRC="http://counter.digits.com/wc/-d/4/wilyduck" HSPACE=0 VSPACE=0 HEIGHT=16 WIDTH=40 align=bottom>
<p><!-- BEGIN WEBSIDESTORY CODE - ALTERING THIS CODE WILL CAUSE TERMINATION OF ACCOUNT -->
<A HREF="http://204.94.67.40/a.cgi?D12463281">
<IMG SRC="http://204.94.67.40/wc/D12463281.cgi" ALT="CLICK HERE TO VISIT THE WORLD'S TOP 1000 LIST!"></A>
<!-- END WEBSIDESTORY CODE -->
</BODY>
</HTML>