Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Javascript Detection


  • Please log in to reply
11 replies to this topic

#1 raw

raw

    Bleeping Hacker


  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:09:08 AM

Posted 20 March 2009 - 11:02 PM

"We have a public site that requires JavaScript be enabled. When it's not, the visitor is redirected to an error page that explains the website's requirements."

How do we determine if Javascript is enabled?
Use Javascript.
function javascriptEnabled(){
	 return true;
}
Great if it returns true...and if not:
function validateSettings(){

  if(!javascriptEnabled()){
	location.href="no_js.htm";
  }
Hope groovicus doesn't fall out of his chair. And yes...this code is on a production server, up and running.

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


BC AdBot (Login to Remove)

 


#2 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:09:08 AM

Posted 21 March 2009 - 09:52 AM

If javascript is not enabled then how would this code execute?

#3 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:07:08 AM

Posted 21 March 2009 - 11:52 AM

Romeo29 is right. You could always use the <noscript></noscript> tags to display a message, though.

#4 raw

raw

    Bleeping Hacker

  • Topic Starter

  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:09:08 AM

Posted 21 March 2009 - 04:37 PM

If javascript is not enabled then how would this code execute?

Exactly... :thumbsup:

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#5 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:07:08 AM

Posted 21 March 2009 - 05:21 PM

Okay, I need to start reading the topics more carefully. I actually thought you were asking why it wasn't working, raw!!

Forgive me, for I know not what I type.

#6 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,250 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:07:08 AM

Posted 02 April 2009 - 04:50 PM

Wait a cotton pickin' minute! I call shenanigans!! http://thedailywtf.com/Articles/Bulletproo...-Detection.aspx

#7 Romeo29

Romeo29

    Learning To Bleep


  • BC Advisor
  • 3,194 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:127.0.0.1
  • Local time:09:08 AM

Posted 02 April 2009 - 09:47 PM

One workaround is using JavaScript + PHP and make JS function return to a PHP function. Is this possible? I faintly remember reading this in a book. But I am wrong all time :thumbsup:

#8 raw

raw

    Bleeping Hacker

  • Topic Starter

  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:09:08 AM

Posted 03 April 2009 - 09:26 PM

Wait a cotton pickin' minute! I call shenanigans!!

I didn't claim it as my code or my server. Just sharing it. :thumbsup:

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#9 groovicus

groovicus

  • Security Colleague
  • 9,963 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Centerville, SD
  • Local time:08:08 AM

Posted 04 April 2009 - 01:49 AM

It doesn't work. Test it yourself. Thanks for screwing with my brain for awhile though. :thumbsup:

#10 burn1337

burn1337

  • Banned
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:08 AM

Posted 04 April 2009 - 05:17 PM

...I have actually be thinking about ways to automatically testing for Javascript... Personally the script that raw showed us, I would not have used at all... Though I am thinking about finding a good way before the headers are processed to test for javascript... I have a couple theoretical ways sitting in my head... But not sure if they will actually work lol...

#11 raw

raw

    Bleeping Hacker

  • Topic Starter

  • Members
  • 2,577 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:09:08 AM

Posted 05 April 2009 - 09:38 PM

Personally the script that raw showed us, I would not have used at all...

That was the point. An example of poor coding.
Found this, might be useful.
http://www.missiondata.com/blog/javascript...ript-detection/

rawsig.png

 rawcreations.net          @raw_creations


Current systems: WHAT OS, BackTrack-raw, PCLinuxOS, Peppermint OS 6, Kali Linux

and a custom Linux From Scratch server hosting a bunch of top secret stuff.


#12 burn1337

burn1337

  • Banned
  • 311 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:08 AM

Posted 08 April 2009 - 06:58 AM

hhmm... That would work for some... But as for what I am looking for, no way... I have been thinking about using a script/noscript, to set a php variable, then upon that variable will set a session variable so that the switch between straight code, and action scripts would be a bit easier, or the script/noscript variable will be the switch... Not sure how it will go out though... Almost sure it won't work lol... Though I do tend to wonder what ways I could test for it, without needing a redirection, or an ajax test...

Edited by burn1337, 08 April 2009 - 06:59 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users