Comments on: Mozilla’s “home” JavaScript function http://readystate4.com/2008/06/30/mozillas-home-javascript-function/ JavaScript, Web Development, Ruby, and Technology. Mon, 07 May 2012 11:47:32 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Mauvis http://readystate4.com/2008/06/30/mozillas-home-javascript-function/comment-page-1/#comment-884 Mauvis Tue, 09 Sep 2008 19:32:27 +0000 http://readystate4.com/2008/06/30/mozillas-home-javascript-function/#comment-884 Yeah, I was mostly just surprised that this function exists. I don't see a good reason for someone to use it, and it just clutters the global namespace offering more potential exploitation, whether it be a software exploit or through social engineering. If I wanted to make annoying ads, for example, I could have an iframe within an iframe showing your home page, with some additional text stating that your browser is not secure and to download a free cleaner tool, etc. . If you were an average internet user, and you saw your gmail inbox there, you may be alarmed and be dim enough to download my free tool. Additionally, you could potentially, check sites using the CSS History hack, open up a hidden frame to the user's homepage, and run the CSS history hack again to see if any sites is in your list. You could open a popup, redirect the current window, and check the window.opener of the popup. You could redirect the user a few seconds after they visited your site to their homepage. They would probably assume they accidentally hit a shortcut key and go back to your site where you can then check the document.referrer. This and many other ideas I'm sure would completely fail, but why take risks with a function no one really uses. Yeah, I was mostly just surprised that this function exists. I don’t see a good reason for someone to use it, and it just clutters the global namespace offering more potential exploitation, whether it be a software exploit or through social engineering.

If I wanted to make annoying ads, for example, I could have an iframe within an iframe showing your home page, with some additional text stating that your browser is not secure and to download a free cleaner tool, etc. . If you were an average internet user, and you saw your gmail inbox there, you may be alarmed and be dim enough to download my free tool.

Additionally, you could potentially, check sites using the CSS History hack, open up a hidden frame to the user’s homepage, and run the CSS history hack again to see if any sites is in your list. You could open a popup, redirect the current window, and check the window.opener of the popup. You could redirect the user a few seconds after they visited your site to their homepage. They would probably assume they accidentally hit a shortcut key and go back to your site where you can then check the document.referrer. This and many other ideas I’m sure would completely fail, but why take risks with a function no one really uses.

]]> By: Zach Leatherman http://readystate4.com/2008/06/30/mozillas-home-javascript-function/comment-page-1/#comment-883 Zach Leatherman Tue, 09 Sep 2008 16:55:53 +0000 http://readystate4.com/2008/06/30/mozillas-home-javascript-function/#comment-883 Independently of the CSS History Hack, I don't see the issue here. Any attempts to reference the window object or location object of the iframe will result in a "Permission denied" error. Independently of the CSS History Hack, I don’t see the issue here. Any attempts to reference the window object or location object of the iframe will result in a “Permission denied” error.

]]> By: Mauvis http://readystate4.com/2008/06/30/mozillas-home-javascript-function/comment-page-1/#comment-96 Mauvis Wed, 02 Jul 2008 01:02:29 +0000 http://readystate4.com/2008/06/30/mozillas-home-javascript-function/#comment-96 Yes, you're totally right Bryan. This would have been the perfect moment to preach about namespacing your JavaScript! Yes, you’re totally right Bryan. This would have been the perfect moment to preach about namespacing your JavaScript!

]]> By: Bryan Migliorisi http://readystate4.com/2008/06/30/mozillas-home-javascript-function/comment-page-1/#comment-83 Bryan Migliorisi Tue, 01 Jul 2008 03:49:54 +0000 http://readystate4.com/2008/06/30/mozillas-home-javascript-function/#comment-83 Just another reason why people should namespace their JS. Additionally, back() and forward() are also present in FF. Nice catch. Just another reason why people should namespace their JS. Additionally, back() and forward() are also present in FF.

Nice catch.

]]>