Silly JavaScript Security

Dec 04, 2003 3:27 PM
Tags:

update It turns out that it's just a browser sniff and you can't do *anything* in Netscape. What laziness.

update Their webmaster has contacted me and wanted to know what browser I was using (this is apparently a bug in Firebird and Mozilla, but not IE).

update I've linked it up; their whole site doesn't use that atrocious script.

Believe me, I've seen some bad stuff, but ChargersUpdate just makes no sense.

If you go to their site, and use the "Page Up" or "Page Down" keys, or even the spacebar, you get the message, "Sorry, you do not have permission to press this key," and then the expected behavior happens (e.g the page scrolls).

Since when do I need permission to use my own spacebar?


Comments: Silly JavaScript Security

What's the url for that? chargers.theinsiders.com and ChargersUpdate.com do not exhibit the behavior that you describe.

Posted by: O'dell on December 4, 2003 3:55 PM | permalink

Errrm, no. Unless you consider crappy browser detection (who still does that, anyway?) with generally crappy code a bug in that browser. Here's what the code says:

function key(k) {
if (isie) {
if (event.keyCode == 17 ||
event.keyCode == 18 || event.keyCode == 93) {
alert("Sorry, you do not have permission to press this key.");
return false;
}
}
if (isnn) {
alert("Sorry, you do not have permission to press this key.");
return false;
}
}

(Too bad the pre tag gets stripped :-))

Posted by: on December 6, 2003 1:56 PM | permalink

A quick search on Google (search for "event.keyCode == 93" etc.) shows there are others adopting this braindead approach. Apparently it's meant to stop people from using functions such as copy and paste and (of course) ye ol' view-source. Sigh.

Posted by: Jan! on December 6, 2003 2:01 PM | permalink

Thanks for the insight, Jan. That "logic" is so stupid and half-assed, it makes my head hurt.

I can't believe that, with all the web developers looking for work, those guys can get away with such laziness.

Lame.

Posted by: Joe Grossberg on December 7, 2003 8:27 PM | permalink

No more comments! Either someone has violated Godwin's Law, I'm tired of the discussion or, most likely, the ten-week window has closed. You can, however, contact me through email.