JavaScript is a client-side scripting language developed by Netscape to enable interactive web sites. It is also extensively used within web browser software and although it shares many of the features of the Java language it was developed independently. JavaScript can interact with HTML code enabling web designers to create dynamic content, manipulate images and more. JavaScript is an open source language that anyone can use without purchasing a license. It is supported in all modern web browsers.
JavaScript can be used to create and read cookies, detect browser version, operating system, plugin version, manipulate complex calculations and more, such as a fairly competitive game of chess that can be run from a web page without any more than JavaScript and HTML (only 13k of code).
JavaScript does not have any graphics capabilities of
its own, except for the ability to format and display HTML
(which however does include images, tables, frames, forms,
fonts, and other html elements).
JavaScript cannot directly access files on the user's
system or the client-side LAN... the only exception is
access to the browser's cookie files. JavaScript has no
networking support and while it does know how to request
information via the web browser, it cannot engage in
network activity of its own. Nor can it implement
multiprocessing or multithreading.
Most of the limitations on JavaScript have been set for
security reasons. JavaScript is currently the safest
scripting language available as all known security loops
have been closed.
If JavaScript is disabled in a web browser, your visitor won't get far because JavaScript is needed to create the embed tags that activate the Copysafe Web plugin. If the plugin is not activated your encrypted images will not be displayed because the security applet hasn't been given the go ahead. While this may seem secure it is a situation that we want to avoid, so it's best to detect the anomaly and deal with it.
The simplest detection that works in plain HTML is the
NOSCRIPT tag placed in the header of the web page:
<NOSCRIPT>This page uses JavaScript. Your browser
either doesn't support JavaScript or you have it turned
off. </NOSCRIPT>
While the above warning is a polite way of advising
that your web pages will function better if they enabled
JavaScript, it doesn't yet do anything to protect content
on your page that is not encrypted. So with further
modification you can forcefully redirect the visitor by using the
following code:
<NOSCRIPT>This page uses JavaScript.
<meta http-equiv="refresh" content="0;url=/javascript-warn.html"></NOSCRIPT>
The NOSCRIPT message/redirect can appear before the
<HTML> tag for the most immediate response.
The problem faced in detecting JavaScript is that it is
client-side scripting and loads after any server side
script has played it's part. A useful example that can
work server side uses
ASP.NET
Pre-empting the situation and detecting the lack of
JavaScript is preferred. This can be done by using a
combination of JavaScript and ASP, PHP or CGI, but not on
the same page. Your home page or catalogue menu can create
a cookie using JavaScript which can then be read by the
protected page using ASP. If the cookie is not found the
ASP can redirect your visitor for advice and counseling.
Here is the JavaScript cookie code that will expire at the
end of the visitor's session:
function makeCookie(name, data){
var name= "jscript";
var data = "true";
var cookieStr = name + "=" + data
document.cookie = cookieStr}
The cookie can be triggered by an onload statement in
the page's BODY tag:
<BODY onLoad= "makeCookie();">
On your protected page you can use ASP to read the
cookie and take action if needed:
<%
If Request.Cookies("jscript") = "true" then
'do nothing
else
response.redirect("/javascript-warn.html")
end if
%>
Which is the best method? We recommend using all that
are possible on your site/server.
Return to top