Points of Required Attention™
Please chime in on a proposed restructuring of the ROM hacking sections.
Views: 88,493,413
 Main | FAQ | Uploader | IRC chat | Radio | Memberlist | Active users | Latest posts | Calendar | Stats | Online users | Search 04-27-24 04:37 PM
Guest: Register | Login

0 users currently in Help/Suggestions/Bug Reports | 2 guests

Main - Help/Suggestions/Bug Reports - Post Layouts, Javascript, CSS and IE <7 New thread | New reply

Pages: 1 2

paulguy
Posted on 02-24-10 12:09 AM (rev. 2 of 02-24-10 12:10 AM) Link | Quote | ID: 127522


Flurry
Level: 37

Posts: 220/258
EXP: 327012
Next: 11241

Since: 04-10-07
From: Buffalo, NY

Last post: 5029 days
Last view: 4569 days

Rather than detecting the vulnerability by user agent anyway, may as well just detect the vulnerability by using it, then setting a flag for that person's session if it's detected.

____________________
"In other news, Scientists theoretize that CHEESECAKE CHEESECAKE CHEESECAKE." --Blackhole89

Mega-Mario
Posted on 02-24-10 12:36 AM Link | Quote | ID: 127524

Spamming from alt accounts.
Level: 81

Posts: 681/1610
EXP: 4880651
Next: 112198

Since: 09-10-08

Last post: 3590 days
Last view: 3010 days 		Hm, yeah, but how would a PHP script called by the vulnerability set a flag that the page's script could read while it's still loading?

____________________
Kafuka -- ROM hacking
Kuribo64 -- we hack shit

paulguy
Posted on 02-24-10 12:38 AM Link | Quote | ID: 127525


Flurry
Level: 37

Posts: 221/258
EXP: 327012
Next: 11241

Since: 04-10-07
From: Buffalo, NY

Last post: 5029 days
Last view: 4569 days

Can javascript write to cookies? I figure it could just be a value in a cookie. It might not be caught for the first thread view, but any views after that would have the effect.

____________________
"In other news, Scientists theoretize that CHEESECAKE CHEESECAKE CHEESECAKE." --Blackhole89

Mega-Mario
Posted on 02-24-10 12:45 AM (rev. 2 of 02-24-10 12:46 AM) Link | Quote | ID: 127527

Spamming from alt accounts.
Level: 81

Posts: 683/1610
EXP: 4880651
Next: 112198

Since: 09-10-08

Last post: 3590 days
Last view: 3010 days 		Ah, now I see. It'd be something like that 
body { width:expression(document.cookie+='; usingcrap=1'); }


And then, 
if ($_COOKIE["usingcrap"]==1) $removelayouts = 1;


____________________
Kafuka -- ROM hacking
Kuribo64 -- we hack shit

MapleMario
Posted on 02-24-10 01:12 AM (rev. 2 of 02-24-10 01:14 AM) Link | Quote | ID: 127530


Red Koopa
Level: 27

Posts: 55/126
EXP: 111446
Next: 4713

Since: 04-28-07
From: USA

Last post: 5070 days
Last view: 3889 days
Posted by Mega-Mario
Ah, now I see. It'd be something like that 
body { width:expression(document.cookie+='; usingcrap=1'); }


And then, 
if ($_COOKIE["usingcrap"]==1) $removelayouts = 1;

Also, for the first view, you could just add location.reload(). That would ensure that the user can't view custom layouts.

E - now that I think about it, you would also need to set a cookie called 'viewed' or something and only reload in javascript if it detects that the cookie 'viewed' is set. The setting and reading wouldn't need to be done from an expression(), but the setting should be done after the reading; otherwise viewed will always be set.

____________________


SGMB3 is now being developed with Reuben. Hopefully v1.0 will be released by the time I get world 1 done...

- Layout: MM v0.31




Kawa
Posted on 02-24-10 04:14 PM Link | Quote | ID: 127547


CHIKKN NI A BAAZZKIT!!!
80's Cheerilee is best pony
Level: 138

Posts: 3290/5344
EXP: 30947922
Next: 715059

Since: 02-20-07
From: The Netherlands

Last post: 4499 days
Last view: 2634 days
Posted by paulguy
Can javascript write to cookies?
Yes it can.

____________________
Wife make lunch - Shampoo
Opera - give it a spin
Spare some of your free time?
<GreyMaria> I walked around the Lake so many goddamn times that my sex drive was brutally murdered
Kawa rocks — byuu

MapleMario
Posted on 02-24-10 11:56 PM Link | Quote | ID: 127577


Red Koopa
Level: 27

Posts: 62/126
EXP: 111446
Next: 4713

Since: 04-28-07
From: USA

Last post: 5070 days
Last view: 3889 days
Posted by Kawa
Yes it can.

I think we already found that out, lol. The method we've devised is pretty nice but I doubt it'd get implemented into acmlmboard, because there's such a low chance of any browser besides IE[6] evaluating CSS expressions. It'd probably do just to block custom layouts on IE6.

____________________


SGMB3 is now being developed with Reuben. Hopefully v1.0 will be released by the time I get world 1 done...

- Layout: MM v0.31




Kawa
Posted on 02-25-10 06:12 PM (rev. 2 of 02-26-10 05:39 PM) Link | Quote | ID: 127609


CHIKKN NI A BAAZZKIT!!!
80's Cheerilee is best pony
Level: 138

Posts: 3295/5344
EXP: 30947922
Next: 715059

Since: 02-20-07
From: The Netherlands

Last post: 4499 days
Last view: 2634 days
Posted by MapleMario
It'd probably do just to block custom layouts on IE6.
Yes, yes it would. And an admonishment to get updated, but not obnoxiously so.

And when I say "get updated" I don't mean "get Firefox". Let the IE6 user choose for him/herself. Anything is better than IE6.

Suggestion edit: in the "get a new browser" banner, link to http://browserchoice.eu and let the user go from there.

____________________
Wife make lunch - Shampoo
Opera - give it a spin
Spare some of your free time?
<GreyMaria> I walked around the Lake so many goddamn times that my sex drive was brutally murdered
Kawa rocks — byuu
Pages: 1 2


Main - Help/Suggestions/Bug Reports - Post Layouts, Javascript, CSS and IE <7 New thread | New reply

Acmlmboard 2.1+4δ (2023-01-15)
© 2005-2023 Acmlm, blackhole89, Xkeeper et al.

Page rendered in 0.023 seconds. (324KB of memory used)
MySQL - queries: 53, rows: 69/71, time: 0.017 seconds.