david68
Joined: May 16, 2005
# Posts: 144
|
Posted: 2005-May-28 02:19
Currently I have a table with 2 cells. 1 cell has thumbnails of photos, when you click them the photo displays in the other cell which has an IFRAME in it. Is there some other way to direct a click to a cell? Thanks
|
 |
Curt
Joined: Eons Ago
# Posts: 3747
|
Posted: 2005-Jun-09 13:41
You can use Javascript to change an image in another cell. The only drawback to that is that all images need to be the same pixel size (height and width).
|
 |
david68
Joined: May 16, 2005
# Posts: 144
|
Posted: 2005-Jun-10 11:43
I want to avoid JS. I know css allows a lot of funky stuff so I was wondering if there was a way to label a cell similar to how iframe works, but apparently not. Thanks
|
 |
Curt
Joined: Eons Ago
# Posts: 3747
|
Posted: 2005-Jun-11 20:27
Hiding and showing CSS layers also requires JavaScript.
SIDE POINT: I hope you aren't avoiding JavaScript just because you've heard the stupid rumors about it being dangerous. It's not dangerous. What's dangerous is ActiveX, not javascript. Webmasters ought to promote javascript where possible and practical.
|
 |
david68
Joined: May 16, 2005
# Posts: 144
|
Posted: 2005-Jun-13 18:58
No. I avoid JS because some people don't have it and search engines can't see it properly. I need the links to get indexed and I don't think it would work properly if done using JS, correct me if I'm wrong.
Also, JS does have security breaches - that's well known... it's not as dangerous as ActiveX but it does have issues. I also don't like it because of the trickery some websites do using it. Very annoying.
|
 |
lizardz
Joined: Nov 12, 2004
# Posts: 1394
|
Posted: 2005-Jun-13 20:57
"I need the links to get indexed and I don't think it would work properly if done using JS, correct me if I'm wrong."
You're not wrong. Also, making any site functionality depend on javascript is a bad idea, you won't find any major sites I've seen do that. You can use it for eyecandy things like triggering drop menus or whatever, as long as there are hard coded options somewhere that lets the user get to the same place with no js.
Not too long ago there was a decent js exploit that would actually allow a bad site to turn on your msie's active x if it was off for security reasons, then install the active x exploit. This has been patched since then, but if you're looking for a strong track record of security with JS, especially with MSIE, you won't find it.
I figure 5%, give or take, of users have js off, it varies, sometimes the latest security alert for msie explicitly calls for users to turn off js until the patch is released. This happens at least once a year, at least it has, since at least about 2000 or so, sometimes more than once a year. You can pretend it doesn't happen, but it does. MS actually released their ie 5.5 upgrade version with js turned off, that was the version you downloaded from microsoft.com, I think it was the code red or something exploit, can't remember. And there's been exploits since the famed xp sp2 that also have forced this type of announcement.
When I think js, I think two things:
client side validation, backed by server side validation
eye candy.
|
 |
Curt
Joined: Eons Ago
# Posts: 3747
|
Posted: 2005-Jun-15 06:43
I'd like to see direct evidence of real JS actually causing security problems. In nearly every instance that I've read about, JS was mentioned in connection to some sort of ActiveX thing. It was the ActiveX that actually caused the problem. Also, in MSIE, it uses Jscript which is not true JavaScript. Jscript can tap into the VBscript commands which "again" isn't JavaScript. VBscript is another dangerous avenue available with MSIE. Strict JavaScript isn't the problem. VBscript and ActiveX are the real culprits. I've not seen serious problems with real genuine JavaScript causing security issues. It's usually a combination of something else running on dumb MSIE. People should stop using MSIE--that's the real problem.
There have been problems with ordinary GIFs and JPEGs too. Do we quit using images because they've been known to install viruses? Maybe we should campaign against the use of images too. Don't think true JS is any more dangerous than the harmless cookie (which has also been accused of problems unfounded).
I do agree that using JavaScript for the sole means of Navigation is a bad idea because it prevents spidering of your web site, but this person is talking about displaying pictures which is hardly the same thing here. JavaScript would be perfect for that sort of application.
|
 |
david68
Joined: May 16, 2005
# Posts: 144
|
Posted: 2005-Jun-15 12:56
"but this person is talking about displaying pictures which is hardly the same thing here"
It is the same, as I want the pictures indexed so people might find them using an image search and visit my site. My gallery is outdated/flawed at the moment, but eventually it'll be fixed
RE: JS - it isn't needed, period. It has its uses, but it has its problems. I use Mozilla as IE is so flawed, but even Mozilla has security issues, but they patch it quickly unlike IE - period.
[ Message was edited by: bhartzer 06/15/2005 03:27 pm ]
|
 |
lizardz
Joined: Nov 12, 2004
# Posts: 1394
|
Posted: 2005-Jun-15 19:52
"I'd like to see direct evidence of real JS actually causing security problems. In nearly every instance that I've read about, JS was mentioned in connection to some sort of ActiveX thing."
the problem here isn't whether or not js is actually causing security problems - and if js on msie is being used to reactivate active x to install malware, how can you possibly not call that a security problem? That is a security problem, and a very serious one. Javascript is being used to do something it wasn't supposed to be able to do, aka a bug in the js msie restrictions.
A security problem means that the javascript component, usually on msie, is being used to compromise the browser, it doesn't matter what method it's using to compromise the browser, the browser is still being compromised through js.
this is why almost every major msie security hole in recent years has recommended turning off active scripting, and active x, both. When the user has followed this advice, site js will not function.
Re image directories, use php or some other server side scripting language to generate your image paths, that will get your images listed, the more server side programming I learn, the less JS I use.
[ Message was edited by: bhartzer 06/15/2005 03:27 pm ... Reason: formatted quote ]
|
 |
g1smd
Staff
Joined: Jul 28, 2002
# Posts: 10465
|
Posted: 2005-Jun-15 20:37
"the more server side programming I learn, the less JS I use"
...ain't that the truth! Indeed, it is so.
[ Message was edited by: bhartzer 06/15/2005 03:28 pm ... Reason: formatted quote ]
|
 |
Curt
Joined: Eons Ago
# Posts: 3747
|
Posted: 2005-Jun-15 23:03
It's a shame the prevailing attitude towards JavaScript is so negative. JS can be a very useful tool (i.e. google ads for generating revenue). It would be hard to deliver those ads easily via another method (could be done but not easily). Seems some people would rather see tools like this go away.
True JavaScript commands cannot turn on ActiveX. That's plain misleading.
|
 |
bhartzer
Staff
Joined: Jun 08, 2000
# Posts: 7042
|
Posted: 2005-Jun-15 23:32
I know some people have issues with using JavaScript. And there's definitely a reason why the search engine bots don't crawl it or include a parser.
Another alternative to JavaScript or the iframe is to make the thumbnail a link--a link to another html page that includes a larger version of the image. Doing it that way, you'll get more pageviews--more pageviews where you can display additional content, ads, or whatever.
|
 |
lizardz
Joined: Nov 12, 2004
# Posts: 1394
|
Posted: 2005-Jun-16 08:53
"True JavaScript commands cannot turn on ActiveX. That's plain misleading."
Curt, I've already said this, and I'll say it one more time: js was used to trigger active x. That's a fact, if you don't like facts, then I'm sorry, but it's a fact. The fact was that it was a bug in the js implementation, and the active x security, but that doesn't change the fact that js was the medium used to trigger this event. I'm sorry if this fact bums you out, but that's life.
Personally, I stopped using js for most things not because of security concerns, but because I got tired of new browser releases breaking complex js, that was dom compliant, clean code, just a bad js implementation.
Your example of google adsense js is a good example of decent use of js, it's not site critical, if js is turned off the user still sees your site, only slightly improved because there's no ads, a perfect use for js.
I used to really like js, but gave up when safari broke some complex stuff I had up and it took me almost a week to fix it, finally gave up and implemented a php/css solution and I haven't had a problem with that since.
I've had even the simplest js fail on for example IE 5.x mac, it just got ridiculous, boring, pointless, waste of my time running after bugs in browser js engines, I'd rather just spend that time writing solid backend programming that will never break any browser I ever send it to, just have one life, and already spent enough of it on js bugs.
[ Message was edited by: bhartzer 06/16/2005 03:18 pm ]
|
 |
Curt
Joined: Eons Ago
# Posts: 3747
|
Posted: 2005-Jun-16 23:07
lizardz said:
"I'll say it one more time: js was used to trigger active x"
I'll say this again... TRUE JavaScript (keyword being "true") cannot activate other applications. If scripting activates ActiveX (this will happen if ActiveX setting is turned on) then it is an IE specific scripting language related to vbscripting commands, but that isn't true javascript. If it were true javascript, it would be able to launch programs in Netscape, Firefox, and Mozilla. I've never seen nor heard of reliable reports of Javascript launching an activex program in MSIE if the user has activex setting turned off in MSIE. I've seen this claim numerous times that JS is the culprit only to find that the person didn't turn off ActiveX in MSIE.
We have people here in the forums telling others to turn off JS when we should be telling them to turn off ActiveX setting instead. Turning off ActiveX will keep ActiveX (the dangerous component here) from launching. Another option is to set ActiveX to prompt MSIE so that the user can decide whether or not to run the ActiveX.
People can safely run JS on their browsers if the ActiveX setting has been turned off in MSIE.
SIDE POINT:
"Your example of google adsense js is a good example of decent use of js, it's not site critical, if js is turned off the user still sees your site, only slightly improved because there's no ads, a perfect use for js."
If my income from a site is from those JS google ads they sure ARE critical--critical for me being able to keep the site up. No money from a site means it might go away.
Alas, I understand your reasons for not using JS. That's fine. It's just not necessary that other people get the wrong idea about JS when ActiveX is the dangerous component here. They just need to know how to turn off the ActiveX setting and they'll be fine.
|
 |
david68
Joined: May 16, 2005
# Posts: 144
|
Posted: 2005-Jun-17 11:53
"Another alternative to JavaScript or the iframe is to make the thumbnail a link--a link to another html page that includes a larger version of the image"
My thumbnails are links. The problem is I want the picture displayed on the same page without reloading the page. My url is in my profile if you want to see my GALLERY. It's funny, I ask if CSS can do something similar to IFRAME and this turns into a JS debate
How do you "quote" where the quoted text is in a white box?
|
 |
lizardz
Joined: Nov 12, 2004
# Posts: 1394
|
Posted: 2005-Jun-17 19:10
Curt, you seem to be having some difficulty believing just how bad MSIE is. The exploit I'm referring to used javascript to turn on active x. Whatever theoretically can or can't be done is irrelevant. Active x had been turned off due to security concerns, so somebody figured out a way to make javascript, or maybe it was vbscript, don't know for sure, think it was javascript though, to turn on active x. What should be the case and what is the case can be very different animals.
Again, if people actually read what I've written, they won't get the wrong idea about js at all, they'll simply have access to some facts about how js has been used in the past, and why it's been repeatedly recommended to shut off all active scripting support in MSIE... note that curt, ACTIVE SCRIPTING, not ACTIVE X, which those alerts ALSO usually tell you to turn off. If I cared more I'd post a list of the security alerts from secunia and technet for you to read so you'd stop missing my point, but since I already know the history you can research it yourself if you don't believe me.
And besides, if anyone does actually read what I wrote, they'd see that security is not in fact my number one reason to de-emphasize js on my sites, it's browser js support problems that have consistently broken code that works, that's new browser releases like Safari/Konqueror, not old browsers. Plus I just don't like spending that much work creating something that a smart user can just turn off at will by disabling js support, especially smart corporate network admins.
This has formed a consistent pattern over the last 5 years, from ns 4x / ie 4-5x incompatibilities, msie 5x mac js problems, safari js issues, opera js issues, especially its annoying habit of allowing document.all without actually supporting document.all....
I used to think tracking down and working around all these issues was an interesting way to spend my time, I no longer think this, and my guess is neither will you in a few years if you try implementing advanced non-trivial js apps for your sites.
|
 |
Curt
Joined: Eons Ago
# Posts: 3747
|
Posted: 2005-Jun-18 00:37
Plain JavaScript CANNOT turn on ActiveX.
Also there's a difference between activating ActiveX and actually switching the setting for ActiveX to the "ON" mode within the Internet Options settings in MSIE. That is critical to know. I doubt that the ActiveX setting was switched from "OFF" to "ON" for the options, but rather the ActiveX was activated via the vbscript end of Active Scripting because the option was already set to "ON" in the first place. People get their seemingly known facts misrepresented due to the complexities associated with computers and software.
If by chance there was some sort of hacker scripting involved (which could be possible I imagine given MSIE's track record of insecurities) that could switch the ActiveX to the "ON" setting, it would be vbscript commands NOT plain JavaScript.
Unfortunately within MSIE Active Scripting encompasses both plain JavaScript language and the vbscript end too--at least it appears that way. MSIE is stupid that way.
BTW, people should be aware that if they do turn off Active Scripting, they lose out on all the sites that generate content written out with JavaScript and they also disable DHTML which is a very useful component on some sites. It limits the webmaster's ability to create useful tools that work on say "your admin page for Google Adwords and Adsense".
The end of the matter...
Quit using that dang MSIE and start using Mozilla/Firefox and you won't have to worry about crazy vbscripting running through your browser. JavaScript runs safely on Mozilla and keeps your pages functioning like they are supposed to. vbscripting won't work in Mozilla. That's the real solution.
Get your browser at: mozilla.org. It's easy to get, way more secure, and free!
"Curt, you seem to be having some difficulty believing just how bad MSIE is."
I know it's bad. That's why I rarely use it except for updating WindowsXP for bugs/security issues and checking PR once in a while for a site. I browse most sites with Mozilla.
|
 |
david68
Joined: May 16, 2005
# Posts: 144
|
Posted: 2005-Jun-18 14:32
FYI: JS "itself" doesn't turn on ActiveX - it's the EXPLOIT that turns it on. Probably a buffer-overrun THROUGH JS. If JS is ON - "JS's EXPLOIT" turns on ActiveX. Ok? Now we understand
|
 |
lizardz
Joined: Nov 12, 2004
# Posts: 1394
|
Posted: 2005-Jun-18 20:21
david68, that's a clear way to say it. And today, there's an Opera JS exploit.
That's js, not vbscript, just like most of the others have been. Opera being opera, the patch is already out, fixed asap, like the recent firefox exploits, usually before the exploit even hits the wilds, unlike MSIE.
The key thing however in these exploits and warnings to understand is that it is completely irrelevant what method is used to exploit active scripting, js in most cases, the end result is the same, secunia/ms says this: workaround: turn off active scripting. I really can't count how many times I've read secunia, ms, security focus etc, put out this advice in the last 5 years.
|
 |
Curt
Joined: Eons Ago
# Posts: 3747
|
Posted: 2005-Jun-19 06:49
How does a buffer-overrun work? I've read some things on it, but it still doesn't make much sense. Anyone have a layman's explanation of what goes on with a buffer-overrun?
|
 |