| Author |
Topic: Error message |
Richard Bass
From:
Sabang Beach, Philippines
|
Posted 23 Jun 2001 11:30 pm |
|
When I go to Yahoo, which is my home page, I get this error message." A runtime error has occured. Do you wish to debug. Line:134, Error  bject expected, it asks me to click yes or no, it doesn't matter if I click yes or no the error message keeps returning. This just started yesterday, out of the blue.Any help will be greatly appreciated. Thanks Richard |
|
|
 |
Jim Smith
From:
Midlothian, TX, USA
|
Posted 24 Jun 2001 12:40 am
|
|
| That sounds like an error on their web page. You might write Yahoo an email and ask them about it. |
|
|
|
Jack Stoner
From:
Kansas City, MO
|
Posted 24 Jun 2001 2:40 am
|
|
If it's in your home page, that would indicate something that's not compatible with your browser or an error in the html for your home page.
Then, they may have upgraded the page and if you have an older browser it may not recognize the new code. If that's the case you will have to upgrade your browser. For Internet Explorer, V5.5 is the latest. I think Netscape just came out with a new version too. |
|
|
|
Bill Crook
From:
Goodlettsville, TN , Spending my kid's inheritance
|
Posted 24 Jun 2001 5:30 am
|
|
Richard...
I use Yahoo as a homepage,no problems noted with it. I suspect that you may have a problem with your broswer.
|
|
|
|
Jeff Agnew
From:
Dallas, TX
|
Posted 24 Jun 2001 11:19 am
|
|
It's likely a Javascript error caused by poor programming. Also, you have the debugger active. To instruct your browser to ignore it, turn off IE's over-aggressive error reporting and the debugger.
- Go to Tools/Internet Options/Advanced/Browsing
- Deselect "Display a notification about every script error".
- Select "Disable script debugging".
Also, for security reasons many feel you should disable Javascript completely. That's a bit Draconian for me but I do filter it to disable the more obnoxious or insecure exploits. I can tell you how to do so if you're interested but it's fairly lengthy so I won't clog up this thread with it.
What Yahoo did was to change the underlying code behind your home page. Probably to insert another advertisement. Unfortunately, it looks like they didn't check their work very well. |
|
|
|
Richard Bass
From:
Sabang Beach, Philippines
|
Posted 24 Jun 2001 8:56 pm
|
|
| Thanks Jeff that fixed the problem. Thanks everyone for your replies. Richard |
|
|
|
Bobby Lee
From:
Cloverdale, California, USA
|
Posted 28 Jun 2001 8:54 am
|
|
JavaScript is a secure language. It cannot access your file system, period. I don't see any good reason to turn off JavaScript support in the browser. You lose a lot of nice features on Web pages if you turn it off.
------------------
 Bobby Lee - email: quasar@b0b.com - gigs - CDs
Sierra Session 12 (E9), Williams 400X (E9, D6), Sierra Olympic 12 (F Diatonic)
Sierra Laptop 8 (D13), Fender Stringmaster (E13, A6) |
|
|
|
Jeff Agnew
From:
Dallas, TX
|
Posted 28 Jun 2001 11:49 am
|
|
b0b,
While I hate to disagree with our webmaster, I have to point out that Javascript has a history of exploits and insecurities. Some have been patched, some have been rendered moot by newer browsers or proper security settings. Many remain.
For example, under certain conditions it is indeed possible to use Javascript to read the contents of one's hard drive and in one particular case, write to it.
Hotmail was recently vulnerable to an exploit which snagged user IDs and passwords. Another hack gave the ability to gain complete control of the user interface and obtain access to SSL-protected files and web-based e-mail accounts.
In particular, enabling Javascript in HTML mail opens the door to several nasty hacks, including the ability to wiretap e-mail. Joel Scambray's excellent Hacking Exposed recommends specifically that Netscape users turn off Javascript in their mail program simply because of the myriad vulnerabilities. There are several trojans which find easy downloading to users' hard drives via a Javascript-enabled e-mail client.
The probability of a given web site doing damage to your computer is definitely small, but it is definitely there. For that reason, I know several security professionals who refuse to enable it. Going to that extreme does, as you pointed out, deprive one of some nice features on innocuous sites. Accordingly, I use tools that allow me to choose the types of Javascript the browser allows rather than a blanket dismissal of all scripts.
Most of the current exploits involve privacy concerns, such as IP and cookie tracking for the purpose of data mining. I'm a bit morally opposed to that, so I block it. Though not in itself malicious, here's a sample of the information a web site can retrieve from your visit. Run this test. That's more about my configuration than I want a site to know. Mostly because it tells a cracker some of the vulnerabilities to which I may be subject.
As with everything, there is a risk/reward ratio with Javascript. My original comment was intended to convey that, in the opinion of many industry professionals, enough issues with Javascript exist to give them pause. I don't agree because I think the reward outweighs the risk.
|
|
|
|
Jim Smith
From:
Midlothian, TX, USA
|
Posted 28 Jun 2001 12:25 pm
|
|
| b0b, maybe you were thinking of Java which is secure. Javascript has nothing whatsoever to do with Java except that they stole the name. [This message was edited by Jim Smith on 28 June 2001 at 02:33 PM.] |
|
|
|
Bobby Lee
From:
Cloverdale, California, USA
|
Posted 29 Jun 2001 9:34 am
|
|
I know that, Jim.
All of the exploits that Jeff mentioned are related to Javascript in email, not in web browsers. They are all cases of a malicious programmer fooling the recipient into giving him their password. That can be done with a simple, unscripted web page, and it doesn't make Javascript any less secure that HTML in my mind.
I once came across a web page that offered a special deal to AOL users. Just enter your AOL screen name and password, and you got access to some "secret" pages. No Javascript required - just an HTML form.
Web-based email systems could strip Javascript from email messages before displaying them if they were concerned about their customers being spoofed. Most of them are using Javascript of their own in those pages, though. If getmail.com stores hidden, personal information on the pages it sends, and then allows foreign Javascript in the same document, is the language to blame?
I don't use web-based email. I don't trust the companies that run those systems. To me, the price of "free" web-based email systems is loss of personal privacy.
------------------
Bobby Lee - email: quasar@b0b.com - gigs - CDs
Sierra Session 12 (E9), Williams 400X (E9, D6), Sierra Olympic 12 (F Diatonic)
Sierra Laptop 8 (D13), Fender Stringmaster (E13, A6) |
|
|
|
