bject expected, it asks me to click yes or no, it doesn't matter if I click yes or no the error message keeps returning. This just started yesterday, out of the blue.Any help will be greatly appreciated. Thanks RichardError message
Moderator: Wiz Feinberg
-
Richard Bass
- Posts: 864
- Joined: 5 Mar 1999 1:01 am
- Location: Sabang Beach, Philippines
Error message
When I go to Yahoo, which is my home page, I get this error message." A runtime error has occured. Do you wish to debug. Line:134, Error bject expected, it asks me to click yes or no, it doesn't matter if I click yes or no the error message keeps returning. This just started yesterday, out of the blue.Any help will be greatly appreciated. Thanks Richard
bject expected, it asks me to click yes or no, it doesn't matter if I click yes or no the error message keeps returning. This just started yesterday, out of the blue.Any help will be greatly appreciated. Thanks Richard-
Jack Stoner
- Posts: 22136
- Joined: 3 Dec 1999 1:01 am
- Location: Kansas City, MO
If it's in your home page, that would indicate something that's not compatible with your browser or an error in the html for your home page.
Then, they may have upgraded the page and if you have an older browser it may not recognize the new code. If that's the case you will have to upgrade your browser. For Internet Explorer, V5.5 is the latest. I think Netscape just came out with a new version too.
Then, they may have upgraded the page and if you have an older browser it may not recognize the new code. If that's the case you will have to upgrade your browser. For Internet Explorer, V5.5 is the latest. I think Netscape just came out with a new version too.
-
Bill Crook
- Posts: 1834
- Joined: 4 Aug 1998 11:00 pm
- Location: Goodlettsville, TN , Spending my kid's inheritance
- Contact:
-
Jeff Agnew
- Posts: 741
- Joined: 18 Sep 1998 12:01 am
- Location: Dallas, TX
It's likely a Javascript error caused by poor programming. Also, you have the debugger active. To instruct your browser to ignore it, turn off IE's over-aggressive error reporting and the debugger.
<ol>[*]Go to Tools/Internet Options/Advanced/Browsing
[*]Deselect "Display a notification about every script error".
[*]Select "Disable script debugging".[/list]
Also, for security reasons many feel you should disable Javascript completely. That's a bit Draconian for me but I do filter it to disable the more obnoxious or insecure exploits. I can tell you how to do so if you're interested but it's fairly lengthy so I won't clog up this thread with it.
What Yahoo did was to change the underlying code behind your home page. Probably to insert another advertisement. Unfortunately, it looks like they didn't check their work very well.
<ol>[*]Go to Tools/Internet Options/Advanced/Browsing
[*]Deselect "Display a notification about every script error".
[*]Select "Disable script debugging".[/list]
Also, for security reasons many feel you should disable Javascript completely. That's a bit Draconian for me but I do filter it to disable the more obnoxious or insecure exploits. I can tell you how to do so if you're interested but it's fairly lengthy so I won't clog up this thread with it.
What Yahoo did was to change the underlying code behind your home page. Probably to insert another advertisement. Unfortunately, it looks like they didn't check their work very well.
-
Richard Bass
- Posts: 864
- Joined: 5 Mar 1999 1:01 am
- Location: Sabang Beach, Philippines
-
Bobby Lee
- Site Admin
- Posts: 14863
- Joined: 4 Aug 1998 11:00 pm
- Location: Cloverdale, California, USA
- Contact:
JavaScript is a secure language. It cannot access your file system, period. I don't see any good reason to turn off JavaScript support in the browser. You lose a lot of nice features on Web pages if you turn it off.
------------------
<small><img align=right src="http://b0b.com/b0b.gif" width="64" height="64">Bobby Lee - email: quasar@b0b.com - gigs - CDs
Sierra Session 12 (E9), Williams 400X (E9, D6), Sierra Olympic 12 (F Diatonic)
Sierra Laptop 8 (D13), Fender Stringmaster (E13, A6)
------------------
<small><img align=right src="http://b0b.com/b0b.gif" width="64" height="64">Bobby Lee - email: quasar@b0b.com - gigs - CDs
Sierra Session 12 (E9), Williams 400X (E9, D6), Sierra Olympic 12 (F Diatonic)
Sierra Laptop 8 (D13), Fender Stringmaster (E13, A6)
-
Jeff Agnew
- Posts: 741
- Joined: 18 Sep 1998 12:01 am
- Location: Dallas, TX
b0b,
While I hate to disagree with our webmaster, I have to point out that Javascript has a history of exploits and insecurities. Some have been patched, some have been rendered moot by newer browsers or proper security settings. Many remain.
For example, under certain conditions it is indeed possible to use Javascript to read the contents of one's hard drive and in one particular case, write to it.
Hotmail was recently vulnerable to an exploit which snagged user IDs and passwords. Another hack gave the ability to gain complete control of the user interface and obtain access to SSL-protected files and web-based e-mail accounts.
In particular, enabling Javascript in HTML mail opens the door to several nasty hacks, including the ability to wiretap e-mail. Joel Scambray's excellent Hacking Exposed recommends specifically that Netscape users turn off Javascript in their mail program simply because of the myriad vulnerabilities. There are several trojans which find easy downloading to users' hard drives via a Javascript-enabled e-mail client.
The probability of a given web site doing damage to your computer is definitely small, but it is definitely there. For that reason, I know several security professionals who refuse to enable it. Going to that extreme does, as you pointed out, deprive one of some nice features on innocuous sites. Accordingly, I use tools that allow me to choose the types of Javascript the browser allows rather than a blanket dismissal of all scripts.
Most of the current exploits involve privacy concerns, such as IP and cookie tracking for the purpose of data mining. I'm a bit morally opposed to that, so I block it. Though not in itself malicious, here's a sample of the information a web site can retrieve from your visit. Run this test. That's more about my configuration than I want a site to know. Mostly because it tells a cracker some of the vulnerabilities to which I may be subject.
As with everything, there is a risk/reward ratio with Javascript. My original comment was intended to convey that, in the opinion of many industry professionals, enough issues with Javascript exist to give them pause. I don't agree because I think the reward outweighs the risk.
While I hate to disagree with our webmaster, I have to point out that Javascript has a history of exploits and insecurities. Some have been patched, some have been rendered moot by newer browsers or proper security settings. Many remain.
For example, under certain conditions it is indeed possible to use Javascript to read the contents of one's hard drive and in one particular case, write to it.
Hotmail was recently vulnerable to an exploit which snagged user IDs and passwords. Another hack gave the ability to gain complete control of the user interface and obtain access to SSL-protected files and web-based e-mail accounts.
In particular, enabling Javascript in HTML mail opens the door to several nasty hacks, including the ability to wiretap e-mail. Joel Scambray's excellent Hacking Exposed recommends specifically that Netscape users turn off Javascript in their mail program simply because of the myriad vulnerabilities. There are several trojans which find easy downloading to users' hard drives via a Javascript-enabled e-mail client.
The probability of a given web site doing damage to your computer is definitely small, but it is definitely there. For that reason, I know several security professionals who refuse to enable it. Going to that extreme does, as you pointed out, deprive one of some nice features on innocuous sites. Accordingly, I use tools that allow me to choose the types of Javascript the browser allows rather than a blanket dismissal of all scripts.
Most of the current exploits involve privacy concerns, such as IP and cookie tracking for the purpose of data mining. I'm a bit morally opposed to that, so I block it. Though not in itself malicious, here's a sample of the information a web site can retrieve from your visit. Run this test. That's more about my configuration than I want a site to know. Mostly because it tells a cracker some of the vulnerabilities to which I may be subject.
As with everything, there is a risk/reward ratio with Javascript. My original comment was intended to convey that, in the opinion of many industry professionals, enough issues with Javascript exist to give them pause. I don't agree because I think the reward outweighs the risk.
-
Jim Smith
- Posts: 7949
- Joined: 4 Aug 1998 11:00 pm
- Location: Midlothian, TX, USA
-
Bobby Lee
- Site Admin
- Posts: 14863
- Joined: 4 Aug 1998 11:00 pm
- Location: Cloverdale, California, USA
- Contact:
I know that, Jim.
All of the exploits that Jeff mentioned are related to Javascript in email, not in web browsers. They are all cases of a malicious programmer fooling the recipient into giving him their password. That can be done with a simple, unscripted web page, and it doesn't make Javascript any less secure that HTML in my mind.
I once came across a web page that offered a special deal to AOL users. Just enter your AOL screen name and password, and you got access to some "secret" pages. No Javascript required - just an HTML form.
Web-based email systems could strip Javascript from email messages before displaying them if they were concerned about their customers being spoofed. Most of them are using Javascript of their own in those pages, though. If getmail.com stores hidden, personal information on the pages it sends, and then allows foreign Javascript in the same document, is the language to blame?
I don't use web-based email. I don't trust the companies that run those systems. To me, the price of "free" web-based email systems is loss of personal privacy.
------------------
<small><img align=right src="http://b0b.com/b0b.gif" width="64" height="64">Bobby Lee - email: quasar@b0b.com - gigs - CDs
Sierra Session 12 (E9), Williams 400X (E9, D6), Sierra Olympic 12 (F Diatonic)
Sierra Laptop 8 (D13), Fender Stringmaster (E13, A6)
All of the exploits that Jeff mentioned are related to Javascript in email, not in web browsers. They are all cases of a malicious programmer fooling the recipient into giving him their password. That can be done with a simple, unscripted web page, and it doesn't make Javascript any less secure that HTML in my mind.
I once came across a web page that offered a special deal to AOL users. Just enter your AOL screen name and password, and you got access to some "secret" pages. No Javascript required - just an HTML form.
Web-based email systems could strip Javascript from email messages before displaying them if they were concerned about their customers being spoofed. Most of them are using Javascript of their own in those pages, though. If getmail.com stores hidden, personal information on the pages it sends, and then allows foreign Javascript in the same document, is the language to blame?
I don't use web-based email. I don't trust the companies that run those systems. To me, the price of "free" web-based email systems is loss of personal privacy.
------------------
<small><img align=right src="http://b0b.com/b0b.gif" width="64" height="64">Bobby Lee - email: quasar@b0b.com - gigs - CDs
Sierra Session 12 (E9), Williams 400X (E9, D6), Sierra Olympic 12 (F Diatonic)
Sierra Laptop 8 (D13), Fender Stringmaster (E13, A6)