473,324 Members | 2,214 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

Basic question: bundling libraries with Javascript


I'm not a Javascript programmer, and I have a basic question about how
scripts may make use of libraries in Javascript. I thank everyone for
humouring me.

Do all of the libraries required by a script have to reside in the
host environment, or may a custom library be bundled with the script
itself?

I ask because I am trying to assess the significance of Alexander
Sotirov's <a href="http://www.determina.com/security.research/
presentations/bh-eu07/bh-eu07-sotirov-paper.html">HeapLib </a>
library, which provides functionality for manipulating the IE heap.
The library makes it easier to run exploits against IE, but that won't
matter much if those exploits require that HeapLib be installed in the
target environment beforehand.

My thanks to anyone who can help clarify this point for me.

Jun 5 '07 #1
2 1487
cr***********@gmail.com wrote:
I'm not a Javascript programmer, and I have a basic question about how
scripts may make use of libraries in Javascript. I thank everyone for
humouring me.

Do all of the libraries required by a script have to reside in the
host environment, or may a custom library be bundled with the script
itself?

I ask because I am trying to assess the significance of Alexander
Sotirov's <a href="http://www.determina.com/security.research/
presentations/bh-eu07/bh-eu07-sotirov-paper.html">HeapLib </a>
library, which provides functionality for manipulating the IE heap.
The library makes it easier to run exploits against IE, but that won't
matter much if those exploits require that HeapLib be installed in the
target environment beforehand.

My thanks to anyone who can help clarify this point for me.
After giving that URL a quick glance to make sure this "library" was not
in the form of an OCX, DLL, or other such binary file, my conclusion is
this:

Anytime a UA or browsing device accesses a web page that contains a
SCRIPT tag, and has JavaScript enabled in that device will immediately
load, and possibly execute whatever it finds included in the page.

SCRIPT tags are not like header files in C/C++. They are more akin to
includes in any of several server-side languages. Once included, then
accessed by the page that does the inclusion, the content of said
include (SCRIPT) is loaded into memory and utilized however the script
or code specifies.

I could be a little off in the semantics, but overall you should have
your answer.

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
Jun 5 '07 #2
On Jun 5, 1:03 pm, -Lost <maventheextrawo...@techie.comwrote:
craig.burr...@gmail.com wrote:
I'm not a Javascript programmer, and I have a basic question about how
scripts may make use of libraries in Javascript. I thank everyone for
humouring me.
Do all of the libraries required by a script have to reside in the
host environment, or may a custom library be bundled with the script
itself?
I ask because I am trying to assess the significance of Alexander
Sotirov's <a href="http://www.determina.com/security.research/
presentations/bh-eu07/bh-eu07-sotirov-paper.html">HeapLib </a>
library, which provides functionality for manipulating the IE heap.
The library makes it easier to run exploits against IE, but that won't
matter much if those exploits require that HeapLib be installed in the
target environment beforehand.
My thanks to anyone who can help clarify this point for me.

After giving that URL a quick glance to make sure this "library" was not
in the form of an OCX, DLL, or other such binary file, my conclusion is
this:

Anytime a UA or browsing device accesses a web page that contains a
SCRIPT tag, and has JavaScript enabled in that device will immediately
load, and possibly execute whatever it finds included in the page.

SCRIPT tags are not like header files in C/C++. They are more akin to
includes in any of several server-side languages. Once included, then
accessed by the page that does the inclusion, the content of said
include (SCRIPT) is loaded into memory and utilized however the script
or code specifies.

I could be a little off in the semantics, but overall you should have
your answer.

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
Thank you. That does help to clarify my question.

Jun 5 '07 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

27
by: Matt Kruse | last post by:
Since this topic has come up several times in other threads, I thought I'd make a separate thread and gather opinions from (hopefully) a more varied range of newsgroup participants. What are...
23
by: Matt Silberstein | last post by:
Are there any good qualities libraries out there, free or for "reasonable" cost? -- Matt Silberstein Do something today about the Darfur Genocide http://www.beawitness.org
4
by: MikeB | last post by:
I've been all over the net with this question, I hope I've finally found a group where I can ask about Visual Basic 2005. I'm at uni and we're working with Visual Basic 2005. I have some books, ...
0
by: bjarne.herland | last post by:
Greetings. My company makes a tool which generates (among other things) PHP client-side bindings to WebServices. We have also implemented a collection of PHP-code required by these bindings...
11
by: walterbyrd | last post by:
With PHP, libraries, apps, etc. to do basic CRUD are everywhere. Ajax and non-Ajax solutions abound. With Python, finding such library, or apps. seems to be much more difficult to find. I...
4
by: pedrito | last post by:
I have a regex question and it never occurred to me to ask here, until I saw Jesse Houwing's quick response to Phil for his Regex question. I have some filenames that I'm trying to parse out of...
4
by: Benjamin | last post by:
Hello, I'm writing a Python/PyQt application. For my Mac distribution. I would like to include all the needed libraries in the Mac bundle. How should I go about doing this?
1
by: Randall Smith | last post by:
I'd like to bundle Python with my app, which will be targeted at Linux, Windows and Mac. Discussions I've found about this tend to lead to py2exe, freeze, etc, but I'd like to do something rather...
2
by: Newbie | last post by:
Hi, I am just starting to learn to use XML, so this is a really basic question. I have managed to write my XML document to disk, and now want to read it back, and get the values from the XML...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: af34tf | last post by:
Hi Guys, I have a domain whose name is BytesLimited.com, and I want to sell it. Does anyone know about platforms that allow me to list my domain in auction for free. Thank you
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.