Sometimes you enter a web address in your browser and are instead redirected to a website with porn or some other unrelated content. This was the unfortunate
case of the perl.com website, which was redirected for a short period of time to a porn website because of a remotely included JavaScript in the HTML code of its pages.
O'Reilly Radar stated: "One of our advertisers was using an ads system that required our pages to load Javascript from their site. It only took three things to turn perl.com into porn.com: (1) the advertiser's domain lapsed, (2) the porn company bought it, (3) they replaced the Javascript that we were loading with a small chunk that redirected to the porn site (note that nothing on or about perl.com changed)." They initially thought that the perl.com website had been hacked, because a script of known provenance did not look like a security leak. Their unpleasant experience should remind us of the insecurity introduced by external JavaScript, widgets, or any other included code that is executed on the client side.
It is very simple to demonstrate how a website address, domain or subdomain name can be redirected to another one through an external JavaScript. Let's consider the following two code listings, the first of which must be saved as redirection.js:
CODE
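// Start navigating the visitor's browser to another address
window.location = "http://webscripts.softpedia.com";
// Tell the visitor about the redirect
alert("You will be redirected to SOFTPEDIA WEBSCRIPTS SECTION");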
and the second as index.html:
CODE
<html>
<head>
<title>Javascript Redirection Example</title>
<script src="redirection.js"></script>
</head>
<body>
This is an example of redirection Javascript.
</body>
</html>
The fourth line of index.html (the second code listing) loads the external JavaScript file redirection.js, which causes a visitor of index.html to be redirected to the web address http://webscripts.softpedia.com. The script can be included anywhere in the HTML code. In this case, redirection.js is assumed to be in the same folder as index.html.
Now we will demonstrate loading redirection.js from a web address. If the script is hosted on a web server at http://domainname.com/redirection.js, then the fourth line of index.html becomes:
CODE
<script src="http://domainname.com/redirection.js"></script>
This is only a simple example of JavaScript redirection. It is useful when you define your own redirection code. But with external JavaScript from third-party websites, you can always get unpleasant surprises if an ad or widget code is changed. Besides domain redirection, other malicious actions can be carried out as long as the client-side code is executed through calls from your web pages. In conclusion, you must always be able to trust the source code provided by your advertisers, and you should look at its content and code structure to determine what it does, especially for client-side code, where known security leaks may exist.
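To see which includes on a page expose it to the perl.com scenario, the following added example (not code from the original article) inventories every `<script src>` in an HTML document and flags the ones served by another host. The page URL `https://www.example.org/index.html`, the host `cdn.example.net`, the function name `auditScripts`, and the check for a Subresource Integrity `integrity` attribute are assumptions introduced here; the sample HTML is constructed.

```javascript
// Constructed sample page: the article's two includes plus a pinned one.
const SAMPLE_HTML = `
<html><head>
<script src="redirection.js"></script>
<script src="http://domainname.com/redirection.js"></script>
<script src="https://cdn.example.net/widget.js"
        integrity="sha384-CONSTRUCTED-PLACEHOLDER" crossorigin="anonymous"></script>
<script>var inline = true;</script>
</head><body></body></html>`;

// Hypothetical helper: list every fetched script and why it deserves review.
function auditScripts(html, pageUrl) {
  const page = new URL(pageUrl);
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi; // opening tags only, not </script>
  for (const [, attrText] of html.matchAll(tagRe)) {
    // Collect attributes: name="v", name='v', name=v, or a bare name.
    const attrs = {};
    const attrRe = /([^\s=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
    for (const m of attrText.matchAll(attrRe)) {
      attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
    }
    if (!attrs.src) continue; // inline script: nothing is fetched
    const src = new URL(attrs.src, page); // resolves relative paths
    const issues = [];
    if (src.host !== page.host) {
      // Whoever controls this host (or buys its lapsed domain) controls the code.
      issues.push("third-party host");
      // Without an integrity hash the browser runs whatever the URL returns.
      if (!attrs.integrity) issues.push("no integrity attribute");
    }
    if (src.protocol === "http:") issues.push("plain HTTP");
    findings.push({ src: src.href, host: src.host, issues });
  }
  return findings;
}

for (const f of auditScripts(SAMPLE_HTML, "https://www.example.org/index.html")) {
  console.log(f.src, "->", f.issues.join(", ") || "ok");
}
```

The tag matching is regex-based and meant for a quick inventory of your own templates; attribute values containing `>` would need a real HTML parser.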