• (nodebb)

    I got nothing to say about this one. Thinking about it a bit more, maybe "Kill it with fire"?

  • (nodebb) in reply to MaxiTB

    And make sure the fire is what you get for burning carbon subnitride in ozone. (For reference, that's a flame hotter than the "surface" of the Sun...)

    (1) Also known as dicyanoacetylene, N≡C-C≡C-≡N.

    Addendum 2024-02-28 17:22: Bah: N≡C-C≡C-C≡N

  • Sauron (unregistered)

    Also, the Message string is written raw into the response. Let's hope that string gets sanitized earlier in the logic, so it doesn't also create an HTML injection vulnerability on top of being already terrible code. Reassure me, the string gets sanitized, right? Right?

  • Jason Stringify (unregistered)

    Some other issues:

    • language=javascript (in any casing) is redundant and has been deprecated for many years
    • unnecessary string concatenation
    • multiple calls to Response.Write
    • what happens if message contains a double-quote?
  • TheCPUWizard (unregistered)
    <SCRIPT LANGUAGE="VBScript">
    <!--
    Function CanDeliver(Dt)
        CanDeliver = (CDate(Dt) - Now()) > 2
    End Function
    -->
    </SCRIPT>
  • NoLand (unregistered)
    • Upper-case HTML: check

    • language attribute: check

    • inline script output for messaging: check

    • confusing Java and JavaScript at the backend: check

    I mean, this is code that has proven its use for 25 years or more now! What is there to criticize?

  • (nodebb) in reply to Steve_The_Cynic

    Good point. Kill it with magnetism then :-)

  • Roby McAndrew (unregistered)

    Nuke it from orbit. It's the only way to be sure.

  • Duke of New York (unregistered)

    alert() is a bad way to alert the user if the application is recent enough, and targeted recent enough browsers, to have portable alternatives. But it's old software, using conspicuously old syntax, so probably not.

  • (author) in reply to Duke of New York

    alert has been considered a bad choice for like, 20 years or so.

  • (nodebb) in reply to Sauron

    Classical XSS waiting to happen here. Unless this is demo code for a worst case tutorial, of course...

    Addendum 2024-02-28 15:55: typical double post :(
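
The double-quote question and the raw-write concern raised in the comments above, worked through as an added example (not code from the article or from any commenter). The function names and the sample message are constructed, and `renderAlertNaive` is an assumed reconstruction of the concatenation pattern the comments describe.

```javascript
// Added example. All names and the sample message below are constructed.

// Assumed shape of the pattern under discussion: the message is concatenated
// raw between the quotes of an inline alert() call.
function renderAlertNaive(message) {
  return '<script>alert("' + message + '")</script>';
}

// Encode a value as a JavaScript string literal that is also safe to place
// inside an HTML <script> element. JSON.stringify handles quotes, backslashes
// and control characters; the replacements stop the HTML parser from seeing
// "</script>" or "<!--" inside the literal.
function toInlineScriptLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003C')
    .replace(/>/g, '\\u003E')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028') // line separators end a string literal
    .replace(/\u2029/g, '\\u2029'); // in pre-ES2019 engines
}

function renderAlertSafe(message) {
  return '<script>alert(' + toInlineScriptLiteral(message) + ')</script>';
}

// Count how many times the markup closes a script element. Anything above 1
// means the message terminated the script block early.
function countScriptCloses(html) {
  return html.split('</script>').length - 1;
}

// Constructed sample: a quote plus markup, both harmless on their own.
const sample = 'Order "42" saved </script><b>late</b>';

console.log(renderAlertNaive(sample)); // quote ends the string, tag ends the block
console.log(renderAlertSafe(sample));  // one literal, one closing tag
```

The encoded literal still decodes to the original message, so the user sees the same text; only its representation in the page source changes.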

  • Erk (unregistered)

    I will from now refer to ASP as ASPEN and I will go out in the woods and cut me a thick branch of ASPEN so I can use it to reprogram anyone that calls JavaScript Java.

Leave a comment on “You Need an Alert”
