Embarrassed that their code works in IE.
-
This is from the Javascript of some forum software. Try as I might, I can't think of a reason for this bit of code:
this.handler = eval("new A" + "ctiv" + "eX" + "Ob" + "ject('Micr" + "osoft.XM" + "LHTTP');");
-
[quote user="Cap'n Steve"]This is from the Javascript of some forum software. Try as I might, I can't think of a reason for this bit of code:
this.handler = eval("new A" + "ctiv" + "eX" + "Ob" + "ject('Micr" + "osoft.XM" + "LHTTP');");
[/quote]To prevent automatic filters from noticing that the code will only work on Windows, even if you tell the browser to pretend it's IE? (Although why that would be a good thing I don't know. Presumably you want people to be able to tell in advance if the page isn't going to work in their browser, before they start spending a lot of time on filling in forms and so forth...)
-
Seems like suspicious behaviour to me. Doing it like that in the hope of getting around filters or suchlike that are looking for ActiveX controls for security reasons. I wouldn't touch it with a 10 foot punt pole. The ActiveX object in question is probable malware of some sort.
-
The ActiveX object Microsoft.XMLHTTP is actually a pretty standard way of connecting back to the server from JScript/ASP/whatever... I know because I'm struggling to reproduce its functionality on a WinCE platform that doesn't seem to have it.
Now, the script which calls it could certainly be using its powers for evil.
-
Likely, it's to get around client-side filters.
Not that this is necessarily for evil. A few months ago had a client of ours who was wondering why our site wasn't working for them. We asked if they were using any sort of firewall, etc, and they said no; turns out, unsurprisingly, that they were. Their particular firewall of choice had blocked the download of a Javascript file of ours named popup.js. Changing the name of the file (but none of its contents) worked just fine.
-
That would make some sense. I'm hoping these filters look for ActiveX in general and not AJAX.
-
I did something like this to get around filters at Xanga.com. They allow JavaScript, but try to limit what it can do. Obviously they fail miserably.