
96 Chapter 3 • Understanding the Risks Associated with Mobile Code
image. They inserted the following line into HTML code to invoke a
JavaScript pop-up window:
<IMG LOWSRC="javascript:alert('JavaScript message.')">
This caused Hotmail to go back to the drawing board and redesign
their JavaScript filter. Now when you view the source code of the message,
you will find it has been converted to:
<IMG lowsrc="javascript:Filtered()">
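The weakness behind this incident, as an added example that is not code from the book or from Hotmail: a hypothetical blacklist (naive_filter) that rewrites javascript: URLs only in SRC and HREF passes the LOWSRC line through unchanged, while a sanitizer built on an allowlist of tags, attributes and URL schemes drops it. The tag policy, the function names and the blacklist pattern are assumptions made for illustration.

```python
import html
import re
from html.parser import HTMLParser

# The line quoted on the page, used as sample input.
PAGE_SAMPLE = '''<IMG LOWSRC="javascript:alert('JavaScript message.')">'''

def naive_filter(message):
    """Hypothetical blacklist: rewrites javascript: URLs only in SRC and HREF."""
    return re.sub(r'(?i)\b(src|href)\s*=\s*"javascript:[^"]*"',
                  r'\1="javascript:Filtered()"', message)

# Assumed policy for this sketch: the tags and attributes a mail body may keep.
ALLOWED = {"img": {"src", "lowsrc", "alt"}, "a": {"href"}, "b": set(), "p": set()}
URL_ATTRS = {"src", "lowsrc", "href"}

def url_is_safe(value):
    # Allowlist of schemes: anything that is not plain http(s) is rejected.
    return value.strip().lower().startswith(("http://", "https://"))

class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return                      # unknown tag: dropped
        kept = []
        for name, value in attrs:       # names arrive lowercased, values decoded
            if name not in ALLOWED[tag]:
                continue                # unknown attribute (e.g. onload): dropped
            if name in URL_ATTRS and not url_is_safe(value or ""):
                continue                # URL attribute with a disallowed scheme
            kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ALLOWED and tag != "img":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(html.escape(data))

def sanitize(message):
    parser = MailSanitizer()
    parser.feed(message)
    parser.close()
    return "".join(parser.out)
```

Because the sanitizer rebuilds the message from parsed tokens and keeps only what the policy names, an attribute the filter author never thought of is removed by default instead of passing through.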
Exploiting Plug-In Commands
Netscape uses plug-ins for adding advanced functionality, as mentioned
previously. JavaScript has the ability to communicate with a plug-in and
call methods. If a plug-in existed that allowed files to be read ...