[4817] in WWW Security List Archive
JavaScript Problem
daemon@ATHENA.MIT.EDU (James Morris)
Fri Mar 14 16:04:12 1997
Date: Sat, 15 Mar 1997 02:26:42 +0100
From: James Morris <jmorris@intercode.com.au>
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
I was recently doing some work with the JavaScript 'replace' method,
and noticed that it was possible to put the Netscape browser into a loop
that the user couldn't easily get out of (in NT, the only way to shut it
down was via the taskbar).
Essentially, if you created a web page which could be referenced as
'/loop.html' which had the following JavaScript code:
function loop()
{
alert("Try and get out of this");
location.replace("/loop.html");
}
and loaded it via the BODY onLoad method, you'd be stuck in a loop and
have to kill the browser if using Netscape 3.01 on NT or Win95 (but not
MSIE 3 - didn't seem to support the 'replace' method).
This seems to be a denial of service attack, and would be particularly
annoying to users without 'advanced' knowledge of their OS (eg. I can
imagine may users resorting to rebooting their machines).
- James.
--
James Morris
<jmorris@intercode.com.au>
http://www.intercode.com.au/
