Announcement

Collapse
No announcement yet.

javascript in advertisement and security issue

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • javascript in advertisement and security issue

    Hello,

    Recently I am showing one private company's ad on my site and that company has send his ad in the form of javascript.

    I want to know are there any chance of security issue if that javascript contain some malicious code??

    thanks

  • #2
    It is possible but if this is a known company, the chances are unlikely. You would have to worry more about malicious code if you're advertising warez or black hat security companies.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud demonstration site.
    vBulletin 5 API - Full / Mobile
    Vote for your favorite feature requests and the bugs you want to see fixed.

    Comment


    • #3
      This is script code!!

      Is it has some malicious things??

      Code:
      (function(){
          function s(b){
              return b!=null?'"'+b+'"':'""'
          }
      
          function G(n,v){
              if(v){
                  window.u_a_url+="&"+n+"="+v
              }
          }
      
          function B(w,d){
              return w.top.location==d.location
          }
      
          function S(w,a,sr){    
              a.write('<iframe name="u_a_iframe" width='+s(w.u_a_width)+" height="+s(w.u_a_height)+" frameborder=0 src="+s(sr)+' marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no">');
              a.write("</iframe>")
          }
          function A(){
              var w=window,d=document,t=new Date;
              var u_a_imgurl = "http://***********/Pic/04.gif";
              
              w.u_a_url="http://***********/newshow.php?";
              w.u_a_url+="z_adid="+w.u_a_adindex;
              w.u_a_url+="&z_width="+w.u_a_width;
              w.u_a_url+="&z_height="+w.u_a_height;
              w.u_a_url+="&z_imgurl="+u_a_imgurl;
      
              if(B(w,d)&&d.body){
                  
                  var j=d.body.scrollHeight,v=d.body.clientHeight;
                  if(v&&j){
                      G("z_uc_ks",Math.round(j)) 
                  }
              }
      
              S(w,d,w.u_a_url);
          }
                              
          function C(w,d){
              return true
          }
          function E(){
              var w=window,d=document,e=null;g=d.referrer,w.onerror=C;
              if(w.union_code_url==e){ 
                  w.union_code_url=escape(w.location); 
                  if(!B(w,d)){
                      w.union_code_url=g; 
                  }
              }
              w.union_ref_url = '';
              if(B(w,d)&&g){
                  w.union_ref_url=g;
              }        
          }
          E();
          A();
      })();

      Comment


      • #4
        Don't see anything malicious in that code. It is opening a window or inserting an iframe. Can't tell about the contents that it adds to the site from the remote locations.

        My personal rule of thumb is to err on the side of caution. If you think it is suspicious or a security risk then don't use it.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud demonstration site.
        vBulletin 5 API - Full / Mobile
        Vote for your favorite feature requests and the bugs you want to see fixed.

        Comment


        • #5
          thanks for your reply..
          finally I have removed it from site to avoid any security issue.
          I have added static image url ( http://adbcvgdyhdn/image.png ) instead of javascript.. I think it is much safe??

          Comment


          • #6
            Usually safer.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API - Full / Mobile
            Vote for your favorite feature requests and the bugs you want to see fixed.

            Comment


            • #7
              thanks a lot

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...
              X