so its better for the sake of security to overcome any design which contain JS.
JS details:
some scripts found in the console as 127.0.0.1:7657/js/ajax.js:-
Code: Select all
var fails = 0;
function ajax(url, target, refresh) {
// native XMLHttpRequest object
if (window.XMLHttpRequest) {
req = new XMLHttpRequest();
req.onreadystatechange = function() {ajaxDone(url, target, refresh);};
req.open("GET", url, true);
req.send(null);
// IE/Windows ActiveX version
} else if (window.ActiveXObject) {
req = new ActiveXObject("Microsoft.XMLDOM");
if (req) {
req.onreadystatechange = function() {ajaxDone(target);};
req.open("GET", url, true);
req.send(null);
}
}
}
function ajaxDone(url, target, refresh) {
// only if req is "loaded"
if (req.readyState == 4) {
// only if "OK"
if (req.status == 200) {
fails = 0;
results = req.responseText;
document.getElementById(target).innerHTML = results;
//document.getElementsbyClassName("hideifdown").style.display="block";
} else if (fails == 0) {
// avoid spurious message if cancelled by user action
fails++;
} else {
document.getElementById(target).innerHTML = failMessage;
//document.getElementByClassName("hideifdown").style.display="none";
}
// conditionally display graph so ajax call doesn't interfere with refreshGraph.js
var graph = document.getElementById("sb_graphcontainer");
if (graph) {
graph.style.backgroundImage = "url(/viewstat.jsp?stat=bw.combined&periodCount=20&width=220&height=50&hideLegend=true&hideGrid=true&time=" + new Date().getTime();
}
setTimeout(function() {ajax(url, target, refresh);}, refresh);
}
}
Code: Select all
function injectClass(f) {
f.className += ' iframed';
var doc = 'contentDocument' in f? f.contentDocument : f.contentWindow.document;
doc.body.className += ' iframed';
}
function resizeFrame(f) {
// offsetHeight returns the height of the visible area for an object, in pixels.
// The value contains the height with the padding, scrollBar, and the border,
// but does not include the margin. Therefore, any content within the iframe
// should have no margins at the very top or very bottom to avoid a scrollbar.
var doc = 'contentDocument' in f? f.contentDocument : f.contentWindow.document;
var totalHeight = doc.body.offsetHeight;
// Detect if horizontal scrollbar is present, and add its width to height if so.
// This prevents a vertical scrollbar appearing when the min-width is passed.
// FIXME: How to detect horizontal scrollbar in iframe? Always apply for now.
if (true) {
// Create the measurement node
var scrollDiv = document.createElement("div");
scrollDiv.className = "scrollbar-measure";
scrollDiv.style.width = "100px";
scrollDiv.style.height = "100px";
scrollDiv.style.overflow = "scroll";
scrollDiv.style.position = "absolute";
scrollDiv.style.top = "-9999px";
document.body.appendChild(scrollDiv);
// Get the scrollbar width
var scrollbarWidth = scrollDiv.offsetWidth - scrollDiv.clientWidth;
totalHeight += scrollbarWidth;
// Delete the div
document.body.removeChild(scrollDiv);
}
f.style.height = totalHeight + "px";
}
Code: Select all
// resets scroll position of element
// use with onblur to clear scroll position when element loses focus
// reset scroll to left position
function resetScrollLeft(element) {
element.scrollLeft = 0;
}
// reset scroll to top position
function resetScrollTop(element) {
element.scrollTop = 0;
}