Prev: javascript: window.open ie6 vs ie7
Next: submit form with javascript
From: Cerebral Believer on 7 Oct 2006 10:53
Hi folks,

I am having some issues using a program that protects my web pages (to a
degree) using JavaScript (to print screen/disable clipboard, caching text
selection etc). Below is the code for the page after it has been encrypted
on the local machine:

[CODE]<!--hppage status="protected"-->
<!--Source code not available.-->
<html>

<head><meta http-equiv="Content-Type" content="text/html;
charset=windows-1252"><SCRIPT LANGUAGE="JavaScript"><!--
document.write(unescape("%3C%53%43%52%49%50%54%20%4C%41%4E%47%55%41%47%45%3D%22%4A%61%76%61%53%63%72%69%70%74%22%3E%3C%21%2D%2D%0D%0A%68%70%5F%6F%6B%3D%74%72%75%65%3B%66%75%6E%63%74%69%6F%6E%20%68%70%5F%64%30%32%28%73%29%7B%69%66%28%21%68%70%5F%6F%6B%29%72%65%74%75%72%6E%3B%76%61%72%20%6F%3D%22%22%2C%61%72%3D%6E%65%77%20%41%72%72%61%79%28%29%2C%6F%73%3D%22%22%2C%69%63%3D%30%2C%70%3D%30%3B%66%6F%72%28%69%3D%30%3B%69%3C%73%2E%6C%65%6E%67%74%68%3B%69%2B%2B%29%7B%63%3D%73%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%3B%69%66%28%63%3C%31%32%38%29%63%3D%63%5E%28%28%70%2B%2B%25%38%29%2B%31%29%3B%6F%73%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%63%29%3B%69%66%28%6F%73%2E%6C%65%6E%67%74%68%3E%38%30%29%7B%61%72%5B%69%63%2B%2B%5D%3D%6F%73%3B%6F%73%3D%22%22%7D%7D%6F%3D%61%72%2E%6A%6F%69%6E%28%22%22%29%2B%6F%73%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%6F%29%7D%2F%2F%2D%2D%3E%3C%2F%53%43%52%49%50%54%3E"));//--></SCRIPT><SCRIPT
LANGUAGE="JavaScript"><!--
hp_d02(unescape("=Q(a)VLVS(MCMCPG@M%3C
IesgTksksp'8;),/csikuklj%25nwWel+e,}umuwqj%25`fdrg~bphd|hmm$mvXkl**%7Fwcs}sl#bdjtm|dvjfrngo%22ktZbb
d+xv`rrzo*f*qguodv-pdaIilg%229kskd'$f*qguodv-pdaIilg-w`guki*$Z-OIXTV%7FP@^SISGBxGSS%5CNL%7FW(a)JBKU+'#,':%250+~?csikuklj%25nwWlf+a,}jib?meso`iumq*pubz(a)efjq(nfeg{Kc.
E`a$-$;*9:ke,aid}lgmp+gkd(yjb-cqmov-fprsgo?>6yz/e`a%25%22-cqmov-gqtkCd{%7Fx`pbfu,ha|Ehld?>=4/.!zpfppti
gcow`/zudnpa~oa
d,tlleo5%3C1%7Fx-kfk'$+a+khlhdjawu:53~%7Fa+eszmIf},/.ssgwqwh'n`npaxck{d%22jb-c)%7Fik`l8;6!zujjaip&bcspptbMwgmpv.B~dlw*HIR[DOLR@/%3C%7Fhlgkr(hflmvw`kh~d?ktZbiu|%7Feqkesanl#luYj})g*%7Fl`/m/ukmfn:50+xslhcgv,qaicf{dGuakrt
Dtfjq(JGTQFIJPB!:ujjaip&nlnkpubentf9kskd|%7Fjb-hf~hebpjt)iqrMehc)aoff|J`//Hlwawhb|!G{tiiums%25*98+6t}*meso`iumq*pubz(a)efjq(nfeg{Kc.
ERKF#,':%250$%25`jeredlw*djk&mgmcqn&51+*%7Fl`/lnavi`hs&`no-~kfk%3Clbrlaf|np-qvcuIfgmp+oildzLb-!Jib%25*%258+63wgqwlii5qcqw`@kg`v+#5!,f`tjcdrhz/wpawG`mov-wpdt|s*meso`iumq*pubz(a)efjq(nfeg{Kc.
ERKF#,-2!-33->oa obg#
qmsqjkk83!zflgpkbfu,ljfii|dzwi`hr5ir%5Cgh{bdrgx`jeredlw*jhjgtqf`jqi5ir%5Cia=cgbwnakr)goif}aipf%3Cjs[hb%3Cuem`qhci|/mmw`jbkuqwewr:`q]gjxck{d%22jb-bhktofjq(kixgqw,}paofls+efxuwqa(a)pbfuq+Asci|/OLQVCCGVL%7FAsci|/ol`l`nmsq%7FAsci|/IF]AIPF}Guakr)ENWPAPV.3vkm`jq)goolqvccgvl>luYjl:ujjaip&nlha|bh%7Fo?ktZkc3vkm`jq)goolqvcrx%3Cjs[hszmmqf$l`/lnavi`hs&fgwAicjmovA}Lb!.
flgpkbfu,bhi/|lnavi`hs&nl`kkrbpuofjp;ox^an?aid}lgmp+iienwpaaipf%3Cjs[aczuhd+`jeredlw*PTK&rwawqtnff*3(1/:5#djh`$.sir%5Ckn;aimqf?roilnu-hjef|hmm9'gegtv9figic#%7Feqkesanl#luYidr**%7Froilnu-wqgs}r?!&>tb|tpm$qtrm|dvjfrngo%22ktZhk{m**%7FmvXfmq+->ub|Uknajss
#js[kjtd)+!(46.uhd+`jeredlw*ig~msq*`jeredlw*fgw|tpfAsci|r*Fr`hs&LMVW(a)IQMS~Fr`hs&LMVW(a)IR%5C(9gkfsjmov-kkkh}rglr`t:`q]mhv=cgbwnakr)goolqvch}uo>luYidr9ktZhk{m**?csikuklj%25nwWer2,,}ags*j95=n4em`qhci|/coh+jbffvk?l-,!zke,aid}lgmp+gkdZk^*vr~dd,umvoeamkw}$;%25`hfgak$.sem`qhci|/coh^oZ&rvzh`(qarkamiosq%3C
kmabbf#9gkfsjmov-eij%5Ca%5C,j`8$ox^kg&x{z3gwmgqohf!js[av5
(yekw.n519j8aid}lgmp+gkd/nfjbro3h)(-~oa
em`qhci|/coh^oZ&hf>9'nwWhf!-aid}lgmp+gkdZk^*vr~dd,umvoeamkw}8$%25u|9tmkbh%7F/mmf``hzdrqmkr:`q]gt4=paofls+iiigvfvutnfu?ktZbw::flgpkbfu,tvlrb
&>pp|jb(u{sa8$smyv,gvu%25(lggmd;%25xskmp'8;),/aka%7F|lhqshd%7F=fnlfy(+94.qw}ic9/(9eqkesanl#luYile**%7Fwcs}sl#bdjtm|flgpkbfu,ljatforvbvq;ox^lg`>oa
ocumbgsgs,btuHfed,jjac%7FGg*$Mkrbzogw$@~wdnpfv%22/&5,3%25%22-hf~hebpjt)}rgqEbci|/km``~Hn)%25NWLC
!%3C?.5yzcgbwnakr)imn-h`h`|i?>4,/ox^mh9cgk{d9jb-bhktofjq(fdm+gkfsjmov-swosm)%25?hlhl(sgo9vr~ddqka`r'|xrf9'rbpu-`wv$'`sge9'nwWowoh+et{#%3C$->oa
gpbi`u.shd+pjv)nscnav(kmoewl;6.sir%5Ckn;aimqf?qiw&mm`eqohf%3Cflgpkbfu,VVI{z'./.:9)TKSKSP;"));//--></SCRIPT><META
HTTP-EQUIV="Pragma" CONTENT="No-Cache"><META HTTP-EQUIV="Cache-Control"
CONTENT="No-Cache,Must-Revalidate,No-Store"><META HTTP-EQUIV="Expires"
CONTENT="0"><META HTTP-EQUIV="ImageToolbar" CONTENT="No"><META
NAME="MSSmartTagsPreventParsing" CONTENT="True">
<meta http-equiv="Content-Language" content="en-gb">

<title>New Page 1</title>
</head>

<body><NOSCRIPT>To display this page you need a browser with JavaScript
support. Please update your browser, or, visit your browser vendor or
java.com to obtain a JavaScript plug-in.</NOSCRIPT><SCRIPT
LANGUAGE="JavaScript"><!--
hp_d02(unescape("=Q(a)VLVS(MCMCPG@M%3C
IesgTksksp'8;),/csikuklj%25nwWea+-~nwWuc-gwcf|dVf|qTfffg+-+c%7FmbAlihgil)
@ku%7F%25!:qfpQojmnww,'nwWea+-'*481+~mc.iiwkdeqiu&`rsJdkb&hlga}Ia
&Kmp`timu%22F|ujhzdp$-8;*9}~+jdpno`vlv+stmsCdakr)aoff|J`//LQJA%22/&5,3%25%22aid}lgmp+gkd/nfjbro)%3C2*-~oa
em`qhci|/coh#
iiwkdeqiu&tqfvDabfu,jjac%7FGg*$Kucui&+>9(7.sem`qhci|/uqmqc//=fjr%25usqmg>&uitauklj?ge{nnvp`=kmgv9)4678qz8pjv=%250234u~%256=kmtpr'|xrf9'rbpucqad$'f`of9'nwWuc!$sgk}d?!$'&t|xnf9'pn{h`jhlr~2ikg``h%256=-gms8
!:js[ae/!|%7F,+(+94.Q(a)VLVS6"));//--></SCRIPT>

<p><img border="0" src="../../images/FBD%20Banner_cmp.jpg" width="768"
height="192"></p>
<p>&nbsp;</p>
<p>Can this text be selected too?</p>

</body>

</html>[/CODE]

Here is the code that I veiw when I access the page after it has been
uploaded to the server with FrontPage:

[CODE]<!--hppage status="protected"-->
<!--Source code not available.--><html>

<head><meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<script language="JavaScript">
<!--

function SymError()
{
return true;
}

window.onerror = SymError;

var SymRealWinOpen = window.open;

function SymWinOpen(url, name, attributes)
{
return (new Object());
}

window.open = SymWinOpen;

//-->
</script>

<!-- I had to cut this section of code because my post was too long, but it
is a repeat of the local code the sections above and below occur before and
after the code that was origianlly posted from the local machine -->

<script language="JavaScript">
<!--
var SymRealOnLoad;
var SymRealOnUnload;

function SymOnUnload()
{
window.open = SymWinOpen;
if(SymRealOnUnload != null)
SymRealOnUnload();
}

function SymOnLoad()
{
if(SymRealOnLoad != null)
SymRea
From: VK on 7 Oct 2006 16:34

Cerebral Believer wrote:
> function SymError()
> {
> return true;
> }
>
> window.onerror = SymError;
>
> var SymRealWinOpen = window.open;
>
> function SymWinOpen(url, name, attributes)
> {
> return (new Object());
> }
>
> window.open = SymWinOpen;
<snip>
> As you can see, the begginings and endings of the server side code are
> different to the code that was uploaded to the server from the local drive.
> Anyone any ideas on why this should be the case, and what the extra code
> should do?

The code changes not during the upload, but when accessing the page in
your browser. Disable your McAffee virus protection and it will come
back to normal. McAffee - and some other antivirus programs - shadows
several native window methods by loopholes (bogus functions), so in
case if you have to take extra boring steps to restore the original
references. (In my strong opinion some ears should be cut off for that
idea - and what a hell say window error collector has to do with a
virus protection?)

> OK, I can view my pages fine in Firefox and Netscape, also IE 6.0 (and have
> had reports to the same effect), but a user using IE 7.1 has reported that
> when he views my pages he gets a security warning, saying "Do you want to
> allow this website to access your clipboard".

That is nothing to do with with the "antivirus" vandalism, you must be
using some methods in your original code which are restricted for usage
in IE7.

From: Richard Cornford on 7 Oct 2006 18:55
Cerebral Believer wrote:
> I am having some issues using a program that protects my
> web pages (to a degree) using JavaScript (to print
> screen/disable clipboard, caching text selection etc).
<snip>

Any attempt to cripple the facilities of the user's browser represent an
abuse, and all facilities that are employed abusively are likely to be
withdrawn over time. When these facilities are withdrawn or restricted
much that could have been usefully employed will be lost with them (and
lost to everyone). It is best to learn from history and not write or use
abusive scripts.

> ... - the pages on the rest of the site employ a similar
> code, and also trigger security alerts for some reason in
> IE7.1, but they were not designed to access clipboards, but
> to stop people from doing screen captures while on my
> site.
<snip>

Browsers provide no mechanism that will prevent the use of the clipboard
by the user. the only technique ever proposed that could make the user's
attempts to use their clipboard non-viable is for the script to be
continuously writing to the clipboard (thus overwriting anything that had
been added by the user. Obviously constantly writing to the clipboard is
accessing the clipboard and will trigger IE security alerts if their
security settings for the significant zone have clipboard access set to
"prompt". Clearly the default setting for scripted access to the
clipboard have been changed between IE 6 and 7, possibly prompted by
exactly this sort of script as its side effect is to destroy data that
belongs to the user without consent or warning.

Richard.


From: Hywel Jenkins on 8 Oct 2006 07:43
In article <vbPVg.5985$gO3.4213(a)newsfe7-win.ntli.net>,
nospamthanks(a)hadenoughalready.com says...
> Hi folks,
>
> I am having some issues using a program that protects my web pages (to a
> degree) using JavaScript (to print screen/disable clipboard, caching text
> selection etc). Below is the code for the page after it has been encrypted
> on the local machine:

Oh dear. You've wasted your time.

--
Hywel
http://kibo.org.uk/
From: kudzai on 8 Oct 2006 08:55
I visited this page
http://www.futurebydesign-music.com/htmlprot/test.html, and sure enough
I couldn't highlight the text.

Then I disabled Javascript without reloading the page. Now I could
highlight and copy the text. I was using Firefox 1.5.0.7.

kudzai
http://www.myscwebdesign.com

 |  Next  |  Last
Pages: 1 2
Prev: javascript: window.open ie6 vs ie7
Next: submit form with javascript