cr***********@gmail.com wrote:
I'm not a Javascript programmer, and I have a basic question about how
scripts may make use of libraries in Javascript. I thank everyone for
humouring me.
Do all of the libraries required by a script have to reside in the
host environment, or may a custom library be bundled with the script
itself?
I ask because I am trying to assess the significance of Alexander
Sotirov's <a href="http://www.determina.com/security.research/
presentations/bh-eu07/bh-eu07-sotirov-paper.html">HeapLib </a>
library, which provides functionality for manipulating the IE heap.
The library makes it easier to run exploits against IE, but that won't
matter much if those exploits require that HeapLib be installed in the
target environment beforehand.
My thanks to anyone who can help clarify this point for me.
After giving that URL a quick glance to make sure this "library" was not
in the form of an OCX, DLL, or other such binary file, my conclusion is
this:
Anytime a UA or browsing device accesses a web page that contains a
SCRIPT tag, and has JavaScript enabled in that device will immediately
load, and possibly execute whatever it finds included in the page.
SCRIPT tags are not like header files in C/C++. They are more akin to
includes in any of several server-side languages. Once included, then
accessed by the page that does the inclusion, the content of said
include (SCRIPT) is loaded into memory and utilized however the script
or code specifies.
I could be a little off in the semantics, but overall you should have
your answer.
--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.