rejetto forum

Javascript security in template

Offline Giant Eagle

  • Moderator
Is it possible to have a "non-javascript" version?

Javascript is the way of the future with HFS, with even the default template probably going to be written in AJAX. Without Javascript you can expect a lack of features.

2 big examples:

www.gmail.com
www.youtube.com

View those with javascript turned off :) looks totally retarded (log in to gmail first tho..)

Javascript is not bad, just don't go to the wrong websites. If a website is listed on google, it does not contain javascript exploits or google will give you a warning.


Offline maverick

Quote from: That_Stevens_Guy
Javascript is the way of the future with HFS, with even the default template probably going to be written in AJAX

Says who? You? I don't recall hearing the author, 'rejetto', saying anything like that. Sure I can maybe see a bit of javascript here and there in a future default template but it would be a very sad day if HFS went javascript only. There is just too much malicious code on the net and for that reason many people disable javascript altogether. If a template doesn't support the same features or at least most of the features in both html & javascript you will lose a lot of potential users unless your server is only visited by friends and relatives and not open to the general public.
maverick


Offline Giant Eagle

  • Moderator
Gmail does not lose its functionality :) while about 99% is disabled when you turn javascript off, I have never ever heard any complaints about that.

Quote from: Maverick
There is just too much malicious code on the net

Yea, well maybe 10 years ago, but things have changed. (prove me wrong)

O.o in my few years of internet experience, there were only a few sites that contain malicious code.. or are you exploring the part of the web that has the sign "browse-at-own-risk" like serial and crack providers. That's like walking into a mine-field. But then again, what can javascript do in the worst case? Crash your browser? Doesn't sound like an armageddon to me

If you just browse normal websites, you won't encounter any problems at all..
« Last Edit: July 13, 2007, 01:26:09 PM by That_Stevens_Guy »


Offline maverick

Quote from: Giant Eagle
prove me wrong

http://www.google.com/search?q=javascript+malicious&sourceid=opera&num=0&ie=utf-8&oe=utf-8

Now you see why so many travel the net with javascript disabled.  That search presents you with 1,570,000 hits -- it's now 1,640,000 hits and rising!
« Last Edit: July 13, 2007, 04:14:45 AM by maverick »
maverick


Offline TSG

  • Moderator
Says who? You? I don't recall hearing the author, 'rejetto', saying anything like that.

rejetto has mentioned to me a few times over MSN conversation, and I think he has mentioned it here on the forum... can't remember where though.

There will always be full basic server functionality without javascript, but expect a lack of features. My template is a good example of this. Javascript = On, awesomecore features everywhere :o. Javascript = Off, basic HFS functionality prevails. GG <noscript> :)

I wouldn't say that the future default template may be written in AJAX if it was only my opinion, I'm not a moron. And even if it was AJAX, there is always going to be an HTML version. rejetto assured me of that.

Also. I dunno if anyone has noticed, but there is already javascript in the Default template and there has been for some time. rejetto has always used javascript in the upload section of the template.

Javascript is NOT a bad thing (when used properly by people like us). It is used everywhere. And like Giant Eagle says above. Google has detection methods now to warn users of malicious code in a site before they even enter. And let's face it. If your site isn't on Google. It's obviously for personal or family/friend network usage. Like my HFS. Used primarily as distant access to my files and to allow my friends to grab things off me as they need them. Googlebot hits my robots.txt every day. And it remains a private site.

Although I do stand by my previous judgment of this template (HFS LIVE 2). It has WAY too much javascript lol. It could be done with HTML/CSS and a bit of javascript for the extra features quite easily, Chrono could even keep basic HFS functionality without javascript.. unsure why he didn't do this in the first place.
« Last Edit: July 13, 2007, 01:14:39 PM by That_Stevens_Guy »


Offline Flynsarmy

AJAX is often used in web applications without need. This is because it has become one of the latest buzz words
in IT. It would, however, work very well in HFS as it would allow refreshing of certain elements of the page (such
as the files list) without requiring the rest of the page to be reloaded. Yes, javascript is a security risk. Yes, it
isn't essential. Did you pick up on the fact that web servers also can have security holes in them? Hell, your OS
itself (especially if you're running Windows) is littered with security holes. The best way to keep your system
completely safe is to just get off the internet.

But while we're on the subject of meaningless, WRONG statistics, check this page out, Maverick:
http://72.14.253.147/search?q=windows%20malicious
I think you'll find the value is quite a lot higher than the value for javascript. Maybe you should switch OS's :)

The point of my post is, javascript and AJAX can provide a far greater benefit with their use than a drawback.
Keep your OS patched, keep your browser up to date and keep your code written well and you won't have any
problems any time soon.

Prawned.
Kthxbai
« Last Edit: July 13, 2007, 12:53:37 PM by Flynsarmy »


Offline TSG

  • Moderator
.....Yes, javascript is a security risk. Yes, it
isn't essential. Did you pick up on the fact that web servers also can have security holes in them? Hell, your OS
itself (especially if you're running Windows) is littered with security holes. The best way to keep your system
completely safe is to just get off the internet.....

The point of my post is, javascript and AJAX can provide a far greater benefit with their use than a drawback.
Keep your OS patched, keep your browser up to date and keep your code written well and you won't have any
problems any time soon....

Mai point exactlay.  :D
« Last Edit: July 13, 2007, 01:14:09 PM by That_Stevens_Guy »


Offline Giant Eagle

  • Moderator
Quote from: Giant Eagle
Yea, well maybe 10 years ago, but things have changed. (prove me wrong)

http://www.google.com/search?q=javascript+malicious&sourceid=opera&num=0&ie=utf-8&oe=utf-8

Thanks :) you actually proved me right

JavaScript opens doors to browser-based attacks
Published: July 28, 2006, 12:44 PM PDT

Frequently Asked Questions About Malicious Web Scripts Redirected by Web Sites
Original release date: February 2, 2000

Malicious JavaScript shuts down Hotmail
Published Thursday 11th May 2000 09:52 GMT

Hackers, Scammers Hide Malicious JavaScript On Web Sites
oktober 20, 2005 (2:45 PM EDT)

Safely Investigating Malicious JavaScript
Posted on Thursday, April 20th, 2006

Malicious JavaScript: yet another reason for graceful degradation
August 16, 2006

RE: Russian IIS hack? Malicious Javascript code
06/24/04

Malicious JavaScript shuts down Hotmail
Posted on May 10, 2000

netscape communicator 4.7x - javascript malicious c ode
Thu Apr 4 17:46:06 GMT 2002

These all come from the first page from the link you gave me.. NONE, I repeat, NONE of them are recent.

Things have changed Maverick, get over it. It's people like you who make javascript sound bad.


Offline rejetto

  • Administrator
Exactly, the default template already uses some javascript, and some more will be added to get some extra features. Probably there will not even be a need for a double template with and without javascript, by using the <noscript>.
I said AJAX because that's the word people know, but I would actually use AHAH.
AHAH is good to keep updated info on the page.
« Last Edit: July 13, 2007, 01:23:20 PM by rejetto »
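The partial refresh of the files list discussed in this thread, sketched as an added example that is not part of any post and is not HFS code. It fetches JSON and escapes it, rather than inserting a server-built HTML fragment as AHAH does, so an uploader-chosen file name cannot run as script, and on any failure it leaves the plain HTML list in place; the element id `files`, the JSON shape and the URL are assumptions.

```javascript
// Added example: the id "files", the JSON shape and the URL are hypothetical.

// Encode the five characters that can change HTML structure.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build the rows for the file list. File names come from uploaders, so they are
// treated as untrusted text both in the link target and in the visible label.
function renderFileRows(files) {
  return files
    .map((f) => {
      const href = "/" + encodeURIComponent(f.name);
      const size = Number(f.size) || 0;
      return `<li><a href="${escapeHtml(href)}">${escapeHtml(f.name)}</a> (${size} bytes)</li>`;
    })
    .join("\n");
}

// Refresh only the list element. `doc` and `fetchImpl` are injected so the same
// function runs in a browser (document, fetch) and under a test harness.
// Returns true on success; on any failure the server-rendered list is untouched.
async function refreshFileList(doc, fetchImpl, url) {
  const list = doc.getElementById("files");
  if (!list) return false;
  try {
    const res = await fetchImpl(url, { headers: { Accept: "application/json" } });
    if (!res.ok) return false;
    const files = await res.json();
    if (!Array.isArray(files)) return false;
    list.innerHTML = renderFileRows(files);
    return true;
  } catch (err) {
    return false; // keep the plain HTML version the server already sent
  }
}

// Constructed sample data: the second name carries markup an uploader chose.
const SAMPLE_FILES = [
  { name: "notes.txt", size: 120 },
  { name: '<img src=x onerror="alert(1)">.jpg', size: 2048 },
];

// In a browser: refreshFileList(document, fetch, "/files.json") on a timer.
```

With JavaScript disabled the script never runs and the visitor keeps the server-rendered list, which is the same fallback the `<noscript>` approach in the posts above aims for.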


Offline TSG

  • Moderator
Exactly, the default template already uses some javascript, and some more will be added to get some extra features. Probably there will not even be a need for a double template with and without javascript, by using the <noscript>.
I said AJAX because that's the word people know, but I would actually use AHAH.

What's so funny, or scary... ::) Yeah, I heard you mention that recently. Sounds interesting.