Micha <[EMAIL PROTECTED]> writes:
> I assume that it's javascritp which makes my browser still display
> shockwaves (and other adverts).
> What i don't understand is how the javascript object loading works,
> in this case.
> Where do scripts (that is, JRE ?) send their download requests -- to
> some port directly, or via the browser ? And wouldn't the latter go
> via wwwoffle then in any case (if i didn't configure exclusions) ?
What happens is that the Javascript writes the HTML into the page that
the browser will display. This is what contains the flash that you
are seeing.
The sequence of events is this.
1) The server sends HTML including Javascript.
2) WWWOFFLE is here and hides any flash animations but leaves
Javascript unchanged (unless you set disable-script=yes).
3) The browser runs the Javascript which writes out some extra HTML
into the page.
4) The browser displays the modified HTML which includes the flash
animation object tags that the Javascript wrote.
5) The browser gets the flash animation and displays it.
Here is an example piece of Javascript that shows how it works (but
for images and not flash).
-------------------- example.html --------------------
<script LANGUAGE="JAVASCRIPT">
<!--
now = new Date();
tail = now.getTime();
document.write("<IMG SRC='//images-aud.slashdot.org/pc.gif?l,");
document.write(tail);
document.write("' WIDTH=1 HEIGHT=1 BORDER=0 ALT=' '>");
//-->
</SCRIPT>
-------------------- example.html --------------------
When this script is run you will end up with some extra HTML that the
browser will see in step (4) but that WWWOFFLE could not see in step
(2). The extra image in this case will be loaded by an HTML tag that
looks like shown below but with $$$ replaced by the current time:
<IMG SRC='//images-aud.slashdot.org/pc.gif?l,$$$' WIDTH=1 HEIGHT=1 BORDER=0
ALT=' '>
WWWOFFLE will not be able to block this sort of image because it does
not exist in the original HTML that WWWOFFLE sees.
> As i understood it, wwwoffle looks for tags and extensions in html file.
> (I don't understand the class-id thing anyway.)
Yes, this is correct. WWWOFFLE will modify the HTML so that what the
browser sees does not contain any links to the flash animations. This
only works on the HTML from the server and not any Javascript in it.
> Three questions.
> Can flashs get downloaded without such descriptors ?
> How could browsers identify them without ?
The browsers use the re-written HTML and not what came from the
server.
> Would it be possible for wwwoffle to identify flashs the same way a
> browser does, eg in the actual javascript donwload request (no plan
> how it looks like) ?
If WWWOFFLE contained a Javascript interpreter that gave exactly the
same result as the Javascript interpreter in the browser then there
would be a chance. It would have to detect that the Javascript
changes the HTML in the page and then delete that part of the script.
I don't think that this is practical though.
The only way to block this sort of thing is to try and add some
DontGet rules that will block the flash animations based on their file
extensions.
--
Andrew.
----------------------------------------------------------------------
Andrew M. Bishop [EMAIL PROTECTED]
http://www.gedanken.demon.co.uk/
WWWOFFLE users page:
http://www.gedanken.demon.co.uk/wwwoffle/version-2.8/user.html
