[Javascript] Can I Give Myself a Cookie ?

Thu Apr 24 09:12:54 CDT 2003

I don't believe any of these filesystem methods neccessary to read a
directory's contents are available when run in the browser's context,
unless you were running in a safe zone.

Now if you create some code and place it in a .js file and run it
by itself, then you're running it under the Windows Scripting Host
(WSH - look into it if you're at all interested - very cool stuff can
be done) which is much more powerful and robust.

As I said earlier, most, if not all, exploits have been made a non-
threat nowadays.

Chris Tifer
http://emailajoke.com

----- Original Message -----
From: "David Lovering" <dlovering at gazos.com>
To: "[JavaScript List]" <javascript at LaTech.edu>
Sent: Thursday, April 24, 2003 11:03 AM
Subject: Re: [Javascript] Can I Give Myself a Cookie ?

> Admittedly, most of the tricks I've seen recently depend on Microsoft
> extensions to IE in the JScript/Javascript
> department.  I would refer you to
>
> File.Attributes
> File.Copy
> File.DateCreated
> File.DateLastAccessed
> File.DateLastModified
> File.Delete
> File.Drive
> File.Move
> File.Name
> File.OpenAsTextStream
> File.ParentFolder
> File.Path
> File.ShortName
> File.ShortPath
> File.Size
> File.Type
>
> In addition, there are some nifty Folder commands/Attributes as well:
>
> Folder.Copy
> Folder.Delete
> Folder.Move
> Folder.Attributes
> Folder.DateCreated
> Folder.DateLastAccessed
> Folder.DateLastModified
> Folder.Drive
> Folder.Files
> Folder.IsRootFolder
> Folder.Name
> Folder.ParentFolder
> Folder.Path
> Folder.ShortName
> Folder.ShortPath
> Folder.Size
> Folder.SubFolders
> Folder.Type
>
> The Folder.Files directive returns an array of all the file objects within
> the folder specified.  Using File.Type in a loop enables you to examine
each
> one in turn.  Opening each one as a text stream is useful for breaking out
> the contents (does not work for hidden files, for obvious reasons).
>
> There are a number of other similar directives which I won't elucidate
upon,
> given the space restrictions.
>
> It should be noted that these are Microsoft's Scripting Engine Extensions,
> and are in most cases specific to late-model IE implementations.  I'm
> convinced that the bulk of these were originally written to facilitate
> server-side Javascripts, but according to the MS Technotes these are
> ostensibly offered within each client browser as well.
>
> I hope this explains my impressions voiced in the earlier message(s).
>
> -- Dave Lovering
>
> P.S:  I would refer you to Chapter 9, "Microsoft's Scripting Engine
> Extensions" in the SAMS book "Pure Javascript" by Wyke, Gilliam, and Ting.
> I was working off the 1999 edition, but I understand there's a newer one
> out.  Similar kinds of extensions exist in the Netscape regime, but of
> course it would be unwise to presume that the two sets are in any way
> one-to-one and onto.