| ??? 10/04/11 13:50 Read: times |
#184022 - The reason Responding to: ???'s previous message |
The reason for the security issues with buttons, is that javascript lives in a sandbox.
But this sandbox have different access rights depending on "why" the script wants to do something. A script that is just running on its own has very little access rights. For example may be totally blocked from popups. A script that is trigged by a user action can have much bigger access rights. For example be allowed to open a window when you click a button. Lots of users would be irritated if they click the button "Help" and their web browser doesn't open any help or requests an extra confirmation that you want to allow the web page to open another window. But these access rights aren't just limited to "almost" safe things like opening an extra window. That explicit button click can allow the javascript applet to do other things you do not like. On the other hand. Some malignant code explicitly opens fake windows claiming that the web browser have performed an invalid memory access and needs to be closed. Or that the javascript have tried a forbidden operation. But the popup box is false, and the confirm button to close the web browser or stop the script is actually the confirmation the actual start of the nasty part of the script. |
| Topic | Author | Date |
| Beware this nasty little paypal email fraud | 01/01/70 00:00 | |
| Don't respond to any email like this - *EVER* | 01/01/70 00:00 | |
| You can sometimes see the givaways | 01/01/70 00:00 | |
| The biggest giveaway... | 01/01/70 00:00 | |
| additionally | 01/01/70 00:00 | |
| Never click anything! | 01/01/70 00:00 | |
| The reason | 01/01/70 00:00 | |
| I quite like that | 01/01/70 00:00 | |
| fake windows | 01/01/70 00:00 | |
| Non-standard color scheme helps | 01/01/70 00:00 | |
| It's WAY too easy to counterfeit a web page | 01/01/70 00:00 | |
System dialog | 01/01/70 00:00 | |
| That's what I've been telling folks for years! | 01/01/70 00:00 |