just wondering

**jscheuer1** · 05-31-2013, 02:49 AM

Is a neopet like a skinhead's dog?

**traq** · 05-31-2013, 03:35 AM

Originally Posted by DjLatinoHeat

it's moreless for a couple friends who keep shops on neopets... and i can access the HTML. each pet comes w/ a free page.

HTML and JavaScript are different things; javascript is often [rightly] prohibited for security reasons. But, to find out, add this (or similar):

HTML Code:

<script>alert( 'it works!' );</script>

Originally Posted by DjLatinoHeat

not really sensitive info, jus wna try keep it so that other shop keepers don't pick up our tricks to stocking and pricing our shops. i can accept a 5% failure rate

I think Daniel's "failure rate" might be better described as a "vulnerability rate" - it's not that n out of 100 attacks will be able to defeat it, it's that n out of 100 visitors will know enough about what they're doing to defeat it. These people are also the ones most likely to try, and their attacks will succeed every time. The knowledge barrier for defeating javascript password protection is really very low.

In this situation, the only valid litmus test for "acceptable risk" is "is it just for fun?" If not, then javascript is not an acceptable "solution" at all.

**DjLatinoHeat** · 05-31-2013, 03:42 AM

yes it's just for fun, and neopets is like a gaming site...
and i tried putting a default copy of it and everything just shows up white... nothing @ all. >.<

**jscheuer1** · 05-31-2013, 05:45 AM

Originally Posted by traq

HTML and JavaScript are different things; javascript is often [rightly] prohibited for security reasons. But, to find out, add this (or similar):

Code:

alert( 'it works!' );

Don't you mean:

Code:

<script>
alert('It works!');
</script>

**djr33** · 05-31-2013, 06:55 AM

I'd be surprised, honestly, if you can add Javascript to the page. But I have no idea really. If the code from John's post works, then you can try a password script (they aren't very much more complicated than that, so if that works, the password script should probably work too).
And, yes, I should emphasize what traq said: I don't mean that it sometimes "won't work"-- I mean that it will always be vulnerable to people who want to get around it. There's no chance that it will stop someone who is motivated.