Is a neopet like a skinhead's dog?
Printable View
Is a neopet like a skinhead's dog?
HTML and JavaScript are different things; javascript is often [rightly] prohibited for security reasons. But, to find out, add this (or similar):Quote:
Originally Posted by DjLatinoHeat
HTML Code:<script>alert( 'it works!' );</script>
I think Daniel's "failure rate" might be better described as a "vulnerability rate" - it's not that n out of 100 attacks will be able to defeat it, it's that n out of 100 visitors will know enough about what they're doing to defeat it. These people are also the ones most likely to try, and their attacks will succeed every time. The knowledge barrier for defeating javascript password protection is really very low.Quote:
Originally Posted by DjLatinoHeat
In this situation, the only valid litmus test for "acceptable risk" is "is it just for fun?" If not, then javascript is not an acceptable "solution" at all.
yes it's just for fun, and neopets is like a gaming site...
and i tried putting a default copy of it and everything just shows up white... nothing @ all. >.<
Don't you mean:Quote:
Originally Posted by traq
Code:<script>
alert('It works!');
</script>
I'd be surprised, honestly, if you can add Javascript to the page. But I have no idea really. If the code from John's post works, then you can try a password script (they aren't very much more complicated than that, so if that works, the password script should probably work too).
And, yes, I should emphasize what traq said: I don't mean that it sometimes "won't work"-- I mean that it will always be vulnerable to people who want to get around it. There's no chance that it will stop someone who is motivated.
hehe, whoops... yes, that is what I meant.Quote:
Originally Posted by jscheuer1