Author Topic: Possible Security Issue? (Read 3573 times)

macdad- · « **on:** March 23, 2009, 04:58:51 PM »

I've wrote a small JS script(Netscape's JS) that displays the contents of a txt file onto a Cell on my Home page that acts as a monthly news column. And I'm wondering if it could be a security issue as far as the script.

The script is a seperate file and is called upon in index.html(the home page).

Here's the script:

Code: [Select]

var page="mlmnews.txt";

         function ajax(url,target)
          {
            if (window.XMLHttpRequest) 
            {
                req = new XMLHttpRequest();
                req.onreadystatechange = function() {ajaxDone(target);};
                req.open("GET", url, true);
                req.send(null);
            
            } 
            else if (window.ActiveXObject) 
            {
                req = new ActiveXObject("Microsoft.XMLHTTP");
                  if (req) {
                    req.onreadystatechange = function() {ajaxDone(target);};
                    req.open("GET", url, true);
                    req.send();
                }
            }
            setTimeout("ajax('"+url+"','"+target+"')", 10000);
           
         }
         function ajaxDone(target) {
            if (req.readyState == 4) {
                document.getElementById('B2').innerHTML = req.responseText;      
            }
         }         
                    
    ajax('mlmnews.txt','ajaxlist');

And here's the calling code in index.html:

Code: [Select]

<script language="JavaScript" src="update_news.js"></script>
Anything?

kpac · « **Reply #1 on:** March 24, 2009, 01:13:12 PM »

I don't see how there could be a security risk. The main way people exploit security is if there is a text field, or textarea etc on the page.

macdad- · « **Reply #2 on:** March 24, 2009, 05:17:33 PM »

Thanks Kpac for taking a look at it.

Just wanted to be sure.

kenjiemichael · « **Reply #3 on:** April 03, 2009, 07:48:16 AM »

idea is good!
Im just wondering about the search engine.
Im just hoping that it will not consider it as spam, coz as your script says it will create like a new items on you page.

just my thought.

kpac · « **Reply #4 on:** April 03, 2009, 08:17:37 AM »

Quote from: kenjiemichael on April 03, 2009, 07:48:16 AM

Im just hoping that it will not consider it as spam, coz as your script says it will create like a new items on you page.

It won't.

macdad- · « **Reply #5 on:** April 03, 2009, 11:20:03 AM »

Quote from: macdad- on March 23, 2009, 04:58:51 PM

...that displays the contents of a txt file onto a Cell on my Home page that acts as a monthly news column...

Computer Hope Forum

News:

Author Topic: Possible Security Issue? (Read 3573 times)

macdad-

Possible Security Issue?

kpac

Re: Possible Security Issue?

macdad-

Re: Possible Security Issue?

kenjiemichael

Re: Possible Security Issue?

kpac

Re: Possible Security Issue?

macdad-

Re: Possible Security Issue?