JavaBoutique : Articles :

Applet Persists Indefinitely; Breaks into JavaScript

Conclusion

In Explorer, the merchant's home site is placed into the new window – this works until the applet gets confused about frame addressing (hey, it’s experimental) - and you can purchase additional items. All of this is done by breaking into the JavaScript interpreter for the current page, from within a persistent applet. Notice that the JAVA frame which was launched within the commercial site persists into any site, and that the buttons continue to work – JAVA can do all the things that JAVA can do, on any page, and no one is able to stop it without my permission. This results from the formation of a pseudo-constructor.

Within the commercial site, the applet can carry information from page to page, without the use of cookies. This results from exploiting a new kind of HTML memory. A program which is launched on one particular page can break into JavaScript on every page within the launching site. This appears to work on all recent browsers, and not just on Netscape.

How does one break into JavaScript? Get the JSObject for the current window, with MAYSCRIPT permission, and then remember it – this window object can then access JavaScript, on Netscape, even when the HTML page has been changed, and when the new page no longer has MAYSCRIPT permission (as long as the <APPLET></APPLET> tags in the original HTML page are surrounded by <FORM> and </FORM> brackets). It is easier to access JavaScript ‘on site’ because the applet’s init() is called whenever the applet is reloaded, and you can use that to refresh the window object so that it remains current – Explorer as well as Netscape can then access JavaScript successfully. For some reason, it is possible on both browsers to jump to a new page, from anywhere, using JavaScript, when that page is in a new window.

I’m sure there are lots of other fun things that one can do – I would think that the designers of JAVA never expected a JAVA class to break away from the launching page and to develop a life of its own.

Post your feedback in the JavaBoutique Forum

You can find the original exploratory article here.

Lane Friesen

lanelise@dowco.com

How to Add Java Applets to Your Site

New on the Java Boutique:

New Review:

Time Management Made Easy with the Quartz Enterprise Job Scheduler
Why not just use the Java timer API? This open source scheduling API boasts simplicity, ease-of-integration, a well-rounded feature set, and it's free!

New Applet:

Reverse Complement
Reverse Complement is a simple applet that converts DNA or RNA sequences into three useful formats.

Elsewhere on internet.com:

WebDeveloper Java
Lots of Java information on webdeveloper.com

WDVL Java
Thorough Java resource at the Web Developer's Virtual Library.

ScriptSearch Java
Hundreds of free Java code files to download.

jGuru: Your View of the Java Universe
Customizable portal with online training, FAQs, regular news updates, and tutorials.