miscoded

the web is a hack

It's hard to blacklist..

Monday, April 4, 2011 12:50:18 PM

EDIT: This post was nonsense, I must be tired. Basically I found an odd-looking script, didn't read it carefully enough and assumed it did checks on location.href that were actually done on location.search. Ten seconds after clicking publish I realised that I had misread it and written something stupid. (I know I'm tired - for personal reasons - but surprised to see myself making such silly mistakes..).

I've removed the post content but will paste it in a comment. The reason for doing that is I won't let some snide comments about code that made more sense than I thought remain on the main blog, but I won't airbrush away this stupid incident either p

The hard life of browser testers..a peculiar cross-browser onresize quirk

Comments

Unregistered user Monday, April 4, 2011 12:57:54 PM

Anonymous writes: The URL goes to "Page not found". Did they already nuke the bad JavaScript or am I missing something?

Hallvord R. M. Steenhallvors Monday, April 4, 2011 1:04:32 PM

So, this is the removed post, with an apology to the coders behind www.maxilamba.com (though I do think their blacklisting of NSFW sites is a relatively pointless task - it will turn into a rather big file.. and indexOf() wouldn't cover potentially usable hostname variations either..):

I know absolutely nothing about this site except the fact that a number of other sites should avoid including http://www.maxilamba.com/error.js. If that script happens to run on the four blacklisted sites, it will show an error message:
var disallowed = "http://www.maxilamba.com/error.html?video=disallowed";
if ((window.location.search.substring(1).indexOf("video") == 0)||(window.location.search.substring(1).indexOf("embed") == 0)) {
if ((window.location.search.substring(14).indexOf("xtourl.com") == 0)||(window.location.search.substring(14).indexOf("www.xtourl.com") == 0)) {
window.top.location.href = disallowed;
// Three more if-blocks of the same type snipped.


Blacklisting is so hard, right? Luckily indexOf() comes to the rescue. I guess the only remaining difficulty is to get those blacklisted sites to actually add a SCRIPT SRC="http://www.maxilamba.com/error.js" tag so that they will actually be affected by the blacklisting!

(Minor warning: I'd say that the http://www.maxilamba.com/error.js URL is NSFW, not only because the NSFW-sites it references, but also because if your workplace has any sort of coding competence they might get shocked and fire you simply for looking at such grossly incompetent JavaScript. :-p)

Hallvord R. M. Steenhallvors Monday, April 4, 2011 1:06:18 PM

(and now I'll keep working.very.carefully so I don't say too many other stupid things today..)

Michael A. Puls IIburnout426 Monday, April 4, 2011 2:16:51 PM

It's all good. Don't sweat it.

d4rkn1ght Monday, April 4, 2011 5:44:39 PM

It's OK! smile

smqzbq Monday, April 4, 2011 8:48:53 PM

only 3 p00r|\|sites are blocked in maxilamb webplayer? sherlock

this is funny..

Cutting Spoonhellspork Tuesday, April 5, 2011 6:18:20 PM

I only recognized one of those four domains. The internet is a big place. wink Although, amusingly the UserJS manager app informed me that I could install the snippet as a userscript. Didn't risk playing with that option.

Write a comment

New comments have been disabled for this post.