theotherside Posted May 10, 2006 Share Posted May 10, 2006 Hello i'm new heremay i ask you how to use javascript when the tag script not allowed?thx Link to comment Share on other sites More sharing options...
aspnetguy Posted May 10, 2006 Share Posted May 10, 2006 If the site doesa not allow <script> they don't want you using javascript.You could embed it in another tag <body onload="function(){javascript code here}"> Link to comment Share on other sites More sharing options...
Jack McKalling Posted May 10, 2006 Share Posted May 10, 2006 Most probably, when the script tag is not allowed, inline script would also be ignored.My best advice I can give is to search for another host, that does allow javascript. Host that don't just do stink Link to comment Share on other sites More sharing options...
theotherside Posted May 11, 2006 Author Share Posted May 11, 2006 thanks for your reply aspnet guy but unfortunately that code doesn't work just as dan prof saidMaybe i should tell you some details,i want to put some script in my friendster profile (i hope it doesn't get me banned in this forum, sorry (- -)!)but it seems tag script is not allowedbut i found someone use this script to allow javascript work <img src="" id="mycode" style="height:expr/**/ession(alert ('Hello!')); width:expr/**/ession(document.all.mycode.style.height='0px')" /> but i don't understand how is it work, and it's run on ie but not in firefox so i need guide from you guysthanks before Link to comment Share on other sites More sharing options...
Webworldx Posted May 11, 2006 Share Posted May 11, 2006 Unfortunately if the friendster network has decided to restrict javascript rights, we can't help you circumvent it. They'll have disabled it for a good reason Link to comment Share on other sites More sharing options...
Jack McKalling Posted May 12, 2006 Share Posted May 12, 2006 Not good enough in my opinion, but okay. :)If it is for security, it is because they have implemented toolbars, or other add things that are bad themselves Link to comment Share on other sites More sharing options...
aspnetguy Posted May 12, 2006 Share Posted May 12, 2006 Not good enough in my opinion, but okay. :)If it is for security, it is because they have implemented toolbars, or other add things that are bad themselves <{POST_SNAPBACK}> or they don't what users inserting malicious code. ....??? Dan your comments aren't making much sense. Link to comment Share on other sites More sharing options...
Jack McKalling Posted May 12, 2006 Share Posted May 12, 2006 I appologise, probably my getting-bad-english :)I mean, webhosts often insert their own scripts in your site when you have an account with them. So the pages you create will remain their own, and not yours because they have those limitations to what can harm 'their pages'. But if you really want a good host, they just don't touch your pages at all. check DeleXe Host for that matter.Having a site at such a host, will mean you have 100 percent accessability to whatever language or script you want, which should be standard. But I can understand it would not be without a price of course, unlike Dhost, most webhosts are paid sites. Link to comment Share on other sites More sharing options...
theotherside Posted May 13, 2006 Author Share Posted May 13, 2006 hmm how about we use img tag to load javascript source? can it be done?i mean like <img src="http://..../yourfilescript.js" /> can it? Link to comment Share on other sites More sharing options...
scott100 Posted May 13, 2006 Share Posted May 13, 2006 hmm how about we use img tag to load javascript source? can it be done?<{POST_SNAPBACK}> Nope, it didn't work for me Link to comment Share on other sites More sharing options...
theotherside Posted May 13, 2006 Author Share Posted May 13, 2006 <img src="" id="mycode" style="height:expr/**/ession(alert ('Hello!')); width:expr/**/ession(document.all.mycode.style.height='0px')" /> the code above is work on my friendster, that code result is alert message "Hello!"but i don't understand why/how is it work, so anyone please, tell meand when i use another javascript using format like that code it's doesn't work, how could?thanks before Link to comment Share on other sites More sharing options...
boen_robot Posted May 13, 2006 Share Posted May 13, 2006 Simple. IE has this behaviour that it allows JavaScript to be called with the expr/**/ession() function with any CSS proerty. It's something MS thought will be "cool" and allow things such as a varying width, depending on the screen resolution, but as others pointed already, it could actually lead to malicious code. Link to comment Share on other sites More sharing options...
scott100 Posted May 13, 2006 Share Posted May 13, 2006 This seems to be some kind of javascript hack. I'm not familiar with it myself.http://www.bitflux.ch/archive/2005/01/16/x...prevent-it.htmlIt's probably best not to use it though, if friendster found it it's more than likely you will get kicked out. Link to comment Share on other sites More sharing options...
theotherside Posted May 16, 2006 Author Share Posted May 16, 2006 omg, it's some kind of javascript hack?i'm so confuse that i found my self feel a bit proud and a bit guilty :)anyways do you people have any idea to make a pop-up greeting for my profile?could it be done using flash? any of you understand flash? please teach me, the flash section is amazingly quite Link to comment Share on other sites More sharing options...
Jack McKalling Posted May 16, 2006 Share Posted May 16, 2006 popups can't come up without scripts, but it may with flash I think. It should actually. But I can't help you there sorry :)You mean, instead of scripting, you'd use flash to execute script, don't you? Link to comment Share on other sites More sharing options...
theotherside Posted May 16, 2006 Author Share Posted May 16, 2006 yes, absolutely righti'm sorry if my bad english doesn't same with what i mean Link to comment Share on other sites More sharing options...
Jack McKalling Posted May 16, 2006 Share Posted May 16, 2006 I don''t blame you, I am not English either *waiting untill somebody resques him for coding in FLASH, which Dan can't do* Link to comment Share on other sites More sharing options...
aleksanteri Posted May 19, 2006 Share Posted May 19, 2006 Could the <noscript> tag work in this situation? Link to comment Share on other sites More sharing options...
Jack McKalling Posted May 19, 2006 Share Posted May 19, 2006 No haha lol :)Noscript doesn't do anything, it only replaces script elements when those are not supported, but are not supported themselves either :)They will be ignored when script elements actually are supported, so they'd act like alternative (but won't execute script, only show content) Link to comment Share on other sites More sharing options...
Webworldx Posted May 19, 2006 Share Posted May 19, 2006 I thought we agreed earlier that we weren't going to look for security holes in this.... Link to comment Share on other sites More sharing options...
aspnetguy Posted May 19, 2006 Share Posted May 19, 2006 I am closing htis thread...it is not the purpose of this forum to help users override other website's security measures. Link to comment Share on other sites More sharing options...
Recommended Posts