Author Topic: Hiding JavaScript on IE6  (Read 8889 times)

0 Members and 1 Guest are viewing this topic.

Offline Krazed

  • x86
  • Hero Member
  • *****
  • Posts: 1822
    • View Profile
Re: Hiding JavaScript on IE6
« Reply #15 on: July 04, 2005, 01:14:55 pm »
Microsoft has it's own standards, so that it can support it's own excuses. In the end, both suck.  :)
It is good to be good, but it is better to be lucky.

01Linux

  • Guest
Re: Hiding JavaScript on IE6
« Reply #16 on: July 04, 2005, 06:02:44 pm »
Quote
- Microsoft is concerned that some security researchers may not know the appropriate email alias to report security vulnerabilities to the
Microsoft Security Response Center.  Secure@microsoft.com is the public email alias for reporting security vulnerabilities to Microsoft.

Translation: STOP MAKING OUR SOFTWARE LOOK INFERIOR TO OTHERS AND CONSIDER THIS A SUBTLE WAY TO HAVE YOU REPORT IT TO OUR EMAIL ADDRESS!

Quote
- We continue to encourage all security researchers to work with
Microsoft on a confidential basis so that we can work together in
partnership to help protect Microsoft's customers and not put them at
unnecessary risk.

Translation: Calling all hackers!!1 Please exploit our software more and send us a detailed explanation and the perfect way to fix it k>?!

Offline MyndFyre

  • Boticulator Extraordinaire
  • x86
  • Hero Member
  • *****
  • Posts: 4540
  • The wait is over.
    • View Profile
    • JinxBot :: the evolution in boticulation
Re: Hiding JavaScript on IE6
« Reply #17 on: July 05, 2005, 08:39:46 pm »
Guys I really don't see this as an exploit.  It's more of an annoyance to web programmers, and one that I've been dealing with since IE4.

I've known about this for quite a long time.  If there was an exploit that would work, someone would have found it already.  But IE actually unloads the old page from memory -- it doesn't "hide" it as the guy who thinks he's someone suggested.  Functions in scope create a new document via document.write, and as soon as all the functions go out of scope, a temporary page is generated in-memory and that is loaded up as a new page (note that your Back button is enabled when you go to the proof-of-concept page).

But as soon as the functions go out of scope, the system stops processing data from the old page except anything in document.unload.
I have a programming folder, and I have nothing of value there

Running with Code has a new home!

Our species really annoys me.