Hi all,
I recently passed through the network solutions (verisign)web site and
was astonished that in spite of rejecting all cookies they managed to
insinuate a stealth pop-up onto my machine off-screen (Consumer Insight,
oh really?). I retrieved it and before IE6 gave up the ghost on me saved
it into a text file. Would anyone more qualified than me care to give it
a look over and comment?
Tony Page
HERE'S THE CODE
<html>
<head>
<title>VeriSign Consumer Insight</title>
</head>
<script language=javascript>
var agt=navigator.userAgent.toLowerCase();
var major=(agt.indexOf('6',0));
var client=(agt.indexOf("msie"));
if (client>0)
{window.moveTo(1000,1000);}
else
{window.moveTo(1000,1000);}
</script>
<script language="javascript">
function getCookie(NameOfCookie)
{
if (document.cookie.length > 0)
{
begin = document.cookie.indexOf(NameOfCookie+"=");
if (begin != -1)
{
begin += NameOfCookie.length+1;
end = document.cookie.indexOf(";", begin);
if (end == -1) end = document.cookie.length;
return unescape(document.cookie.substring(begin,
end));
setCookie(NameOfCookie,true,1);
}
}
return null;
}
//function for setting a cookie.
function setCookie(name, value, expires, path, domain, secure) {
document.cookie = name + "=" + escape(value) +
((expires == null) ? "" : "; expires=" + expires.toGMTString()) +
((path == null) ? "" : "; path=" + path) +
((domain == null) ? "" : "; domain=" + domain) +
((secure == null) ? "" : "; secure");
return true;
}
// Expire date assigment (6 Months)
var expiredate;
expiredate=new Date;
expiredate.setMonth(expiredate.getMonth()+6);
// Writing the cookie , when the user sees the pop up.
document.cookie="popseen=seen;expires="+expiredate.toGMTString()+";path=
/;";
document.cookie="popprot="+location.protocol+";expires="+expiredate.toGM
TString()+";path=/;";
function error1()
{ prot=getCookie("prot");
if (prot=="https:")
{
location.href="http://www.networksolutions.com/en_US/popup/popstealth2.h
tml";
}
else
{
location.href="https://www.networksolutions.com/en_US/popup/popstealth2.
html";
}
}
function error2()
{ prot=getCookie("prot");
if (prot=="https:")
{
location.href="http://www.networksolutions.com/en_US/popup/popstealth2.h
tml";
}
else
{
location.href="https://www.networksolutions.com/en_US/popup/popstealth2.
html";
}
}
</script>
<body onerror="error1()">
<form name="F1">
<input type="hidden" name="T1" value="0" size="66">
<input type="hidden" name="T2" value="0" size="66">
<p><font face="Verdana" color="#5B7997">VeriSign Consumer
Insight</font></p>
</form>
<p> </p>
</body>
<script language=javascript>
var agt=navigator.userAgent.toLowerCase();
var major=(agt.indexOf('6',0));
var client=(agt.indexOf("msie"));
if (major>0 && client>0)
{setInterval('vbcheckfx()',1000)}
else
{setInterval('checkfx()',1000)}
function checkfx()
{
setCookie("prot",top.location.protocol);
var x=window.opener.location;
document.F1.T1.value=x;
window.onerror=error1;
if((document.F1.T1.value).indexOf('object')>=1)
{error2();}
}
function openfx()
{
location.href="https://www.verisign.com/popup/zone.html";
}
</script>
<script language="vbscript">
sub vbcheckfx()
dim x
on error resume next
x=window.opener.document.title
document.F1.T1.value=x
if err.number <> 0 then
'errval=1
errx=getCookie("errcnt")
if errx="1" then
openfx
err.clear
'self.close
else
document.cookie="errcnt=1;expires="+expiredate.toGMTString()+";path=/;"
popprot=getCookie("popprot")
if popprot="https:" then
location.href
"http://www.networksolutions.com/en_US/popup/popstealth.html"
else
location.href
"https://www.networksolutions.com/en_US/popup/popstealth.html"
end if
end if
else
document.cookie="errcnt=0;expires="+expiredate.toGMTString()+";path=/;"
'errval=0
end if
end sub
</script>
</html>
[ZambaGrafix]
<websites that work>
tel: +61 2 9953 4425
fax: +61 2 9909 8534
email: ajp at zambagrafix.com
http://www.zambagrafix.com