Hi Andrew, hi galeon folks,
So javascript can circumvent my proxy ? What else can js do then ? Download
more code, which also
downloads more code which downloads more stuff ? Keeping my machine busy with
things i don't have the slightest clue about ?
I can't imagine this is true ! At least a browser must be controllable, there
should be settings.
I remember there were a lot of settings in iexplorer last time i configured and
used one (but it's a
_long_ while since ;)
With galeon, for example, i can set some few limits to what js can do. I didn't
discover a way to say
don't download flashs from this site yet. But I always believed i can do that
and more with a proxy.
[EMAIL PROTECTED] (Andrew M. Bishop):
> The sequence of events is this.
>
> 1) The server sends HTML including Javascript.
> 2) WWWOFFLE is here and hides any flash animations but leaves Javascript
> unchanged.
> 3) The browser runs the Javascript which writes out some extra HTML into the
> page.
> 4) The browser displays the modified HTML which includes the flash animation
> object tags that the Javascript wrote.
> 5) The browser gets the flash animation and displays it.
>
> Here is an example piece of Javascript that shows how it works (but for
> images and not flash).
>
> -------------------- example.html --------------------
> <script LANGUAGE="JAVASCRIPT">
> <!--
> now = new Date();
> tail = now.getTime();
> document.write("<IMG SRC='//images-aud.slashdot.org/pc.gif?l,");
> document.write(tail);
> document.write("' WIDTH=1 HEIGHT=1 BORDER=0 ALT=' '>");
> //-->
> </SCRIPT>
> -------------------- example.html --------------------
>
> When this script is run you will end up with some extra HTML that the browser
> will see in step (4)
> but that WWWOFFLE could not see in step (2). The extra image in this case
> will be loaded by an HTML
> tag that looks like shown below but with $$$ replaced by the current time:
>
> <IMG SRC='//images-aud.slashdot.org/pc.gif?l,$$$' WIDTH=1 HEIGHT=1 BORDER=0
> ALT=' '>
>
> If WWWOFFLE contained a Javascript interpreter that gave exactly the same
> result as the Javascript
> interpreter in the browser then there would be a chance. It would have to
> detect that the Javascript
> changes the HTML in the page and then delete that part of the script. I don't
> think that this is practical though.
> --
> Andrew.
> ----------------------------------------------------------------------
> Andrew M. Bishop [EMAIL PROTECTED]
> http://www.gedanken.demon.co.uk/
ok, it's just this way, granted. The browser interpreting the javascripted html
page will send download requests.
Why do those requests ignore the proxy then ? Did i configure galeon to work
with a proxy and then it's not
used in some cases ? Couldn't that be changed at least by the developers (hi
there !) ?
greets, micha
