[1669] in WWW Security List Archive

home help back first fref pref prev next nref lref last post

Re: Netscape && FTP sites

daemon@ATHENA.MIT.EDU (Gene Ingram)
Fri Mar 15 21:56:17 1996

Date: Fri, 15 Mar 1996 16:40:52 -0800
From: Gene Ingram <gene@hpfsvr01.cup.hp.com>
Reply-To: gene@hpfsvr01.cup.hp.com
To: oneel@arupa.gsfc.nasa.gov
Cc: Liz Stokes <ilaine@panix.com>, www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu

oneel@arupa.gsfc.nasa.gov wrote:
> 
> Hi,
>   For some bizzaro reson if you go to http://home.netscape.com/ndx.html
> rather than http://home.netscape.com/ your javascript disabled netscape 2.01
> will give you the netscape home page.
> 
> thankx.
> 
> bruce
> 

I finally figured it out.  The pages are basically the same, except for a minor
difference:

(a)  on <http://home.netscape.com/> the first few lines of the SOURCE 
     (which is displayed by going to web page then selecting "View" 
     menu, "Document Source" menu item) are as follows:

     <HTML>
     <SCRIPT LANGUAGE='JavaScript'>

     followed by the script, then the lines,

     <FRAMESET>
     </FRAMESET>
     <NOFRAMES>
     <HEAD>
     <TITLE>Welcome to Netscape</TITLE>
     </HEAD>

     Pay special attention to the fact the <HEAD> and <TITLE> are AFTER 
     the script, then compare to below..

(b)  on <http://home.netscape.com/ndx.html> 

     <HTML>
     <HEAD>
     <TITLE>Welcome to Netscape</TITLE>
     </HEAD>
     <!--BEGIN FRAME MENU SCRIPT-->
     
     <SCRIPT LANGUAGE="JavaScript">
     
     followed by the script..

Again, to view the source of the web pages, call up (a) <http://home.netscape.com/>
and select "View" menu, "Document Source" menu item; and then call up (b)
<http://home.netscape.com/ndx.html> and select "View" menu, "Document Source" menu
item once again.

Then move the SOURCE windows side-by-side on your screen and compare source html.
They are basically the same EXCEPT for these ``minor'' differences which could
explain why <http://home.netscape.com/> default html file is unable to display page
when JavaScript is disabled in "Options" menu, "Security Preferences" menu item.
If Netscape makes this minor change (perhaps copying its ndx.html over the default
file in home.netscape.com/ directory), they're home free.  :-)

See, everything work out favorably in the end (and do I deserve a pat on the back
by Netscape for figuring out what actually occurred), and I'm especially relieved
to see its a very *simple* solution and not a big deal afterall.  ;-)

Gene

-- 

____________________________________________________________
Gene Ingram                                  gene@cup.hp.com
                                     ingram@pubs.holosys.com
home help back first fref pref prev next nref lref last post