!!! PLEASE REFRAIN FROM VISITING CINGULARONE.COM !!!
Alright, I have (and many others) given fair warning to AT&T, but the issue has not been addressed. Time to shed some light on the fact that AT&T's CingularOne.com website has been hijacked, and is currently hosting a JavaScript exploit that loads content from remote malicious domains.
Here's some visual proof:
Again, please refrain from visiting AT&T's CingularOne.com website until this issue has been fixed.
However, if you just must sneak a peek, then disabling JavaScript and inline frames should mitigate any infection vectors. But to be safe, ensure your anti-virus on-access scanning is enabled, and your AV definitions are updated.
The ASUSProduct Comparison page seems to contain JavaScript code written specifically for MSIE or FF (untested). In any event, the page does not work correctly in Opera, mostly due to their calls to new ActiveXObject.
Below, I've taken the liberty of correcting their processRequest and add JavaScript functions found in this external load_data.js script.
if (document.domain.match(/(uk\.)?asus\.com$/)) {
window.opera.defineMagicFunction("processRequest",
function(a, b, c) {
if (http_request.readyState != 4) return;
if (http_request.status != 200) return;
var dpl1=document.getElementById("dpl_l1");
var dpl2=document.getElementById("dpl_l2");
var dpl3=document.getElementById("dpl_l3");
var dpl4=document.getElementById("dpl_l4");
var lbl=document.getElementById("lbl_model");
var parser = new DOMParser();
var xmldoc = parser.parseFromString(http_request.responseText,"text/xml");
var dataArray = xmldoc.getElementsByTagName('Table1');
var dataArrayLen = dataArray.length;
for (var i=0; i<dataArrayLen; i++)
{
var get_id=dataArray[i].getElementsByTagName("id_name")[0].text;
var get_value=dataArray[i].getElementsByTagName("id_value")[0].text;
var opt = new Option(get_value, get_id, 0, 0);
if (l1!=0&&list_model==2) //load level 2
{
dpl2.disabled=false;
dpl2.add(opt);
}
else if(l2!=0&&list_model==3) //load level 3
{
dpl3.disabled=false;
dpl3.add(opt);
}
else if(l3!=0&&list_model==4) //load level 4
{
dpl4.disabled=false;
dpl4.add(opt);
}
else if (list_model==5)
{
dpl3.disabled=(dpl3.length==1);
lbl.add(opt);
}
}
}, 0);
window.opera.defineMagicFunction("add",
function(a, b, c) {
var lbl=document.getElementById("lbl_model");
var lbl_select=document.getElementById("lbl_model_select");
for(var i=0;i<lbl.options.length;i++)
{
if (!lbl.options[i].selected) continue;
for(var j=0;j<lbl_select.options.length;j++)
if (lbl.options[i].value==lbl_select.options[j].value)
return;
lbl_select.add(new Option(lbl.options[i].text, lbl.options[i].value));
}
}, 0);
}
For those of you who might use this ASUS product comparison page, enjoy.
I was recently involved in our corporate overhaul of our proxy automatic config (.pac) file. Below are some tips if you ever have to do the same. Since some older clients or custom apps may have poor JavaScript support, or may be considered non-standard, thus:
* Always check url and host parameters prior to using them. * Validate all built-in JS functions exist prior to calling them. * Keep the .pac file size as small as possible, to improve download speed. * Keep comments to a minimum, per above. * Since "return" is immediate, avoid using "else" for "if" statements, per above. * Single-line if() statements do not require begin { and end } brackets, per above. * Avoid calling isResolvable(), dnsResolve(), and isInNet() functions, due to DNS performance issues. * Check simple rule exceptions first. * Place high-probability checks early-on and nearest top. * Avoid using any external or global vars/functions. * Since .pac files are text and can be downloaded/viewed by anyone, avoid revealing secrets. * For security reasons, avoid referencing clients by IP addresses. * Use efficient regular expressions, and avoid capturing matches if you don't reference them later on. * To avoid typos, only declare unique return strings once (near top for easy maintenance). * When possible, sort lists of IP addresses and/or domains to ease future maintenance efforts. * Try to group common return values into single conditional if() checks. * For single proxy server environments, return the proxy's static IP address to bypass DNS lookup overhead. * Ensure your text file encoding is proper for your hosting server environment. * If checking IPs or domains, avoid protocol-specific string comparisons against the url parameter. * Randomized proxy load-balancing via pac files is not recommended. * Keep in mind that server access is either proxied or not. Thus, checking ports and protocols is typically not required. * Be sure to check all conditions and exceptions listed in your .pac file prior to deployment. * Obviously, ensure your JavaScript is error-free prior to deployment.
Reloading the example page above shows the high CPU is now gone -- and virtually no page functionality has been lost by blocking this external JavaScript.
Ever wish Opera's mouse cursor behaved like Firefox's or MSIE's in web pages? You know, when you hover over text in a web page, the cursor actually changes to a meaningful text caret, rather than remaining a stupid old default NW mouse cursor.
Usability experts say that text carets (vertical mouse cursor) should be used as a visual feedback mechanism when underlying text can be selected. Plus, text carets do not obscure underlying text, like the default NW mouse cursor does. Personally, this is just one Opera pet peeve solved with User JavaScript.
So, with my latest UserJS script (shown below), now you too can have this 'smart' mouse cursor feature in Opera!
Keep in mind, this script is currently non-optimized for extremely large pages, or pages with poorly written HTML markup and/or scripts. Regardless, it does seem to work pretty well on most sites.
If you're a regular reader of this blog, then you realize how much I despise Yahoo! web developers. Their latest trick is to steal ALL keyboard input using a setTimeout event poller, then place the keystrokes into their stupid global search edit box at the top of the page. Nice going losers.
Anyhow, if you use Yahoo! Sports, and use ANY keyboard commands in Opera, then I highly recommend downloading this script.
Mason C reported in the opera.general newsgroup on Jan 30, 2007 that TitanTV.com schedules could not be printed in Opera. After reviewing his claim, I confirmed it and wrote this UserJS script to work-around the problem:
if (document.domain.match(/^(www\.)?titantv\.com$/)) {
document.addEventListener("load",
function(e) {
var inps = document.getElementsByTagName("input");
for (var i = 0, o; o = inps[i]; i++) {
if (o.type != "image") continue;
if (o.getAttribute("alternate") != "Print") continue;
o.onclick = "window.open(document.forms.Form1.__PrintUrl.value,'','');";
break;
}
}, 0);
}
NOTE: Once the script is installed, reload the page, then click the blue [Print] button that appears on the upper-right corner of their TV schedule pages. Clicking [Print] will open a new pop-up window with a printer-friendly version of the page -- so be sure your Opera pop-up blocker is not set to "Block All". And as always with UserJS scripts, be sure JavaScript is enabled, and that you place the .js file in the correct UserJS folder.
For those of you who use TitanTV.com (very nice, btw, compared to TVGuide.com), and prefer to print-out hard-copies of their TV schedules...enjoy.
For whatever reason, Opera disallows calling the DoStop(), DoPlay(), etc methods of the RealPlayer plug-in on nfl.com -- perhaps for security reasons, since the script which injects the
Yes, Yahoo! stinks when it comes to web coding. Simply right-click any of their pages in Opera, select "Validate", and then watch the markup errors pile-up.
Anyhow, this latest script fixes their NFL and NCAA football play by play display in Opera.
![WalnutTree1[1].jpg](http://files.myopera.com/Lee_Harvey/albums/3090/thumbs/WalnutTree1%5B1%5D.jpg_thumb.jpg)
WIDGETIZE