Announcement

Collapse
No announcement yet.

javascript in advertisement and security issue

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • javascript in advertisement and security issue

    Hello,

    Recently I am showing one private company's ad on my site and that company has send his ad in the form of javascript.

    I want to know are there any chance of security issue if that javascript contain some malicious code??

    thanks

  • #2
    It is possible but if this is a known company, the chances are unlikely. You would have to worry more about malicious code if you're advertising warez or black hat security companies.
    Translations provided by Google.

    Wayne Luke
    The Rabid Badger - a vBulletin Cloud customization and demonstration site.
    vBulletin 5 Documentation - Updated every Friday. Report issues here.
    vBulletin 5 API - Full / Mobile
    I am not currently available for vB Messenger Chats.

    Comment


    • #3
      This is script code!!

      Is it has some malicious things??

      Code:
      (function(){
          function s(b){
              return b!=null?'"'+b+'"':'""'
          }
      
          function G(n,v){
              if(v){
                  window.u_a_url+="&"+n+"="+v
              }
          }
      
          function B(w,d){
              return w.top.location==d.location
          }
      
          function S(w,a,sr){    
              a.write('<iframe name="u_a_iframe" width='+s(w.u_a_width)+" height="+s(w.u_a_height)+" frameborder=0 src="+s(sr)+' marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no">');
              a.write("</iframe>")
          }
          function A(){
              var w=window,d=document,t=new Date;
              var u_a_imgurl = "http://***********/Pic/04.gif";
              
              w.u_a_url="http://***********/newshow.php?";
              w.u_a_url+="z_adid="+w.u_a_adindex;
              w.u_a_url+="&z_width="+w.u_a_width;
              w.u_a_url+="&z_height="+w.u_a_height;
              w.u_a_url+="&z_imgurl="+u_a_imgurl;
      
              if(B(w,d)&&d.body){
                  
                  var j=d.body.scrollHeight,v=d.body.clientHeight;
                  if(v&&j){
                      G("z_uc_ks",Math.round(j)) 
                  }
              }
      
              S(w,d,w.u_a_url);
          }
                              
          function C(w,d){
              return true
          }
          function E(){
              var w=window,d=document,e=null;g=d.referrer,w.onerror=C;
              if(w.union_code_url==e){ 
                  w.union_code_url=escape(w.location); 
                  if(!B(w,d)){
                      w.union_code_url=g; 
                  }
              }
              w.union_ref_url = '';
              if(B(w,d)&&g){
                  w.union_ref_url=g;
              }        
          }
          E();
          A();
      })();

      Comment


      • #4
        Don't see anything malicious in that code. It is opening a window or inserting an iframe. Can't tell about the contents that it adds to the site from the remote locations.

        My personal rule of thumb is to err on the side of caution. If you think it is suspicious or a security risk then don't use it.
        Translations provided by Google.

        Wayne Luke
        The Rabid Badger - a vBulletin Cloud customization and demonstration site.
        vBulletin 5 Documentation - Updated every Friday. Report issues here.
        vBulletin 5 API - Full / Mobile
        I am not currently available for vB Messenger Chats.

        Comment


        • #5
          thanks for your reply..
          finally I have removed it from site to avoid any security issue.
          I have added static image url ( http://adbcvgdyhdn/image.png ) instead of javascript.. I think it is much safe??

          Comment


          • #6
            Usually safer.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud customization and demonstration site.
            vBulletin 5 Documentation - Updated every Friday. Report issues here.
            vBulletin 5 API - Full / Mobile
            I am not currently available for vB Messenger Chats.

            Comment


            • #7
              thanks a lot

              Comment

              widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
              Working...
              X