Unverified cute Javascript hole

Rohit Khare (khare@pest.w3.org)
Mon, 26 Feb 96 21:08:20 -0500


From: Lee Campbell <elwin@media.mit.edu>
Date: Mon, 26 Feb 1996 12:24:41 -0500
To: big-phun@media.mit.edu
Subject: fwd: JavaScript in Netscape 2.0 shouldn't let me do this, but it does

<Forwarded>

> JavaScript in Netscape 2.0 shouldn't let me do this, but it does
>
> John Robert LoVerso, OSF Research Institute
>
> After you've visited one of my pages, any of my
> JavaScript ought to get scrubbed out of your
> browser's memory. You wouldn't want that code to
> live on, snooping, spying, or stealing?
>
> This is a simple example where I engage some
> JavaScript that runs in a (mostly) hidden window.
> This window persists, and hence, the JavaScript I
> wrote persists. From then on, it wakes up every
> second and sees what page you are viewing. If
> you've changed pages, it reports where you now are
> back to me via a CGI, which saves information like
> this:
>
> (The rest at http://www.osf.org/~loverso/javascript/track-me.html)