Several sagely monks advise us to turn off java script, as unscrupulous people can steal our passwords when we visit their home node.

If java script is so dangerous in the monastery, why can't it be turned off 'at the mains' as it were? Would this be a difficult task?

As this place is about perl and not java script, I doubt if any monk really needs to use it. (Please correct me if I'm wrong). If some monks do require java script, perhaps the use of it could be restricted to monks of high ranking, like the use of images on a home node. From what I gather via the chatter box, all monks can use java script at present.

Replies are listed 'Best First'.
Re: Java script in the monastery
by tachyon (Chancellor) on Jul 09, 2001 at 23:40 UTC

    Javascript code is embedded in HTML documents. Without parsing every single document for javascript (and deleting it) before the server sends the HTML document to the client (your web browser) this is just not possible. As this site gets a million+ hits a month that's a lot of editing :-)

    <Update>

    But as usual at perlmonks the impossible is done yesterday - it's only miracles that take a little longer! Thanks to tye and chipmunk. Script tags are stripped on submission of nodes (home nodes being an exception apparently) so you get the warnings when you visit some home nodes and the javascript contained in them executes. At my home node you get a silly flashing message in the search box or even sillier Don't touch me mouseover courtesy of javascript.

    </Update>

    The warnings you get are to try to protect you from some of the potential problems which could occur. There are some well documented hacks involving almost all code that is allowed to run on your machine when you browse. Javascript, Active X and Java applets of the malicious type are known to be out there.

    The javascript *runs* on the client machine. Your machine. The javascript interpreter is in your web browser. This is a logical point to kill it if that is what you want to do. It is your choice. Active X and Java applets also run on the client. They too can be used to hack your system.

    To kill javascript under Netscape Edit|Preferences|Advanced -> and check the kill javascript box. Under IE Tools|Internet Options|Security|Custom Level| -> then select the kill script radio button (look for Scripting and disable it). While you are there kill active X, java applets etc. You need to do this for all your security zones but the internet one particularly. You can undo it if you want.

    cheers

    tachyon

    s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

      See perl monks approved html tags. The Monastery is already parsing all of the HTML. The stripping of JavaScript is done when the text is submitted, not when it is displayed. It is just that this list of approved tags isn't applied to home nodes (though home nodes are still filtered, just not as much).

              - tye (but my friends call me "Tye")
      I have to disagree. The PerlMonks site already does considerable filtering of node contents, including expansion of the [link] syntax, translation of CODE to PRE with appropriate encoding of the text, filtering out of various undesirable HTML tags, and so on. Additionally, SCRIPT tags are already filtered out in regular nodes.

      Automatically filtering out SCRIPT tags in home nodes would be trivial, both in implementation and in its effect on the web server.
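
Added example, not part of the thread and not PerlMonks code: a submission-time filter of the kind the replies above describe, contrasting removal of SCRIPT tags alone with an approved-tag allowlist that also drops event-handler attributes such as the mouseover mentioned earlier. The allowlist contents, all function and class names, and the sample markup (including `flash()`) are assumptions made for illustration.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for illustration, not the Monastery's real approved-tag list.
APPROVED = {"p": set(), "b": set(), "i": set(), "br": set(), "pre": set(), "a": {"href"}}
SAFE_SCHEMES = ("http://", "https://", "mailto:")
DROP_WITH_CONTENT = {"script", "style"}
# Constructed sample submission; flash() is a made-up function name.
SAMPLE = ('<p onmouseover="flash()">hi <b>monk</b></p><script>flash()</script>'
          '<a href="javascript:flash()">x</a><a href="https://example.org/">home</a>')

def strip_script_only(text):
    """Blocklist approach: delete <script> elements and nothing else."""
    return re.sub(r"(?is)<script\b.*?</script\s*>", "", text)

class SubmissionFilter(HTMLParser):
    """Allowlist approach: re-emit only approved tags and attributes."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skipping = [], 0  # skipping > 0 inside <script>/<style>
    def handle_starttag(self, tag, attrs):
        if tag in DROP_WITH_CONTENT:
            self.skipping += 1
        elif not self.skipping and tag in APPROVED:
            kept = ""
            for name, value in attrs:
                value = (value or "").strip()
                # Drop unlisted attributes (onmouseover, ...) and unlisted URL schemes.
                if name in APPROVED[tag] and (
                        name != "href" or value.lower().startswith(SAFE_SCHEMES)):
                    kept += f' {name}="{escape(value, quote=True)}"'
            self.out.append(f"<{tag}{kept}>")
    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skipping = max(0, self.skipping - 1)
        elif not self.skipping and tag in APPROVED and tag != "br":
            self.out.append(f"</{tag}>")
    def handle_data(self, data):
        if not self.skipping:
            self.out.append(escape(data, quote=False))  # text is re-encoded

def filter_submission(text):
    f = SubmissionFilter()
    f.feed(text)
    f.close()
    return "".join(f.out)
```

Because the filter rebuilds the markup from parsed tokens instead of deleting patterns from the raw text, anything it does not recognise is dropped by default.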

Re: Java script in the monastery
by VSarkiss (Monsignor) on Jul 10, 2001 at 00:03 UTC
    I would also like to see a higher level of filtering in home nodes. I understand the point tachyon is making about controlling Javascript at the client, but there's also a question of convenience. It's easy when I'm at home and using Konqueror, since I have much more control over running Javascript. (OT: my absolute favorite option is "Enable Javascript except window.open".)

    But when I'm at a client and using IE5, it's much more tedious since I can't adjust settings per site. (I know about "restricted sites", but that's a whole group of sites, not just one.)

      I can't turn off JavaScript. Our NT machines are 'secured' so that we can't change the security settings.
Re: Java script in the monastery
by ignatz (Vicar) on Feb 14, 2002 at 15:53 UTC
    This would be all fine if part of my gig as a web developer wasn't CODING IN JAVASCRIPT.
    ()-()
     \"/
      `