You are not logged in.

#1 2021-11-14 08:28:16

Ferdinand
Member
From: Norway
Registered: 2020-01-02
Posts: 331

Forum and Wiki scripts

Kudos for having web pages and a forum that works perfectly without any scripts!

There is something in there though, even if I can't figure out what it's used for:
afqabK5.png

So, out of curiosity - what do the archlinux.org scripts do?
As they are client side, I guess I should be able to figure out myself(?), but that bit is black magic to me, though smile

Offline

#2 2021-11-14 09:06:07

seth
Member
Registered: 2012-09-03
Posts: 49,980

Re: Forum and Wiki scripts

<script type="text/javascript">
/* <![CDATA[ */
function process_form(the_form)
{
	var required_fields = {
		"req_message": "Message"
	};
	if (document.all || document.getElementById)
	{
		for (var i = 0; i < the_form.length; ++i)
		{
			var elem = the_form.elements[i];
			if (elem.name && required_fields[elem.name] && !elem.value && elem.type && (/^(?:text(?:area)?|password|file)$/i.test(elem.type)))
			{
				alert('"' + required_fields[elem.name] + '" is a required field in this form.');
				elem.focus();
				return false;
			}
		}
	}
	return true;
}
/* ]]> */
</script>

What do you think that black magic does?

Offline

#3 2021-11-14 09:07:46

lahwaacz
Wiki Admin
From: Czech Republic
Registered: 2012-05-29
Posts: 748

Re: Forum and Wiki scripts

Why do you care? You've posted a proof via imgur.com, which does not work at all without javascript... Have you asked them the same question before using their service?

Offline

#4 2021-11-14 13:08:15

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: Forum and Wiki scripts

It doesn't look like that js blurb does anything that wouldn't be accomplished by the browser anyways if the relevant input fields included the "required" html attribute.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#5 2021-11-14 13:15:20

Ammako
Member
Registered: 2021-07-16
Posts: 267

Re: Forum and Wiki scripts

lahwaacz wrote:

Why do you care? You've posted a proof via imgur.com, which does not work at all without javascript... Have you asked them the same question before using their service?

What a pointlessly abrasive reply to someone asking a perfectly reasonable question in the nicest way possible. Do you have anything of value to add?

Are we not allowed to understand what something does unless we understand every single other little thing first?

Last edited by Ammako (2021-11-14 13:16:23)

Offline

#6 2021-11-14 13:42:42

seth
Member
Registered: 2012-09-03
Posts: 49,980

Re: Forum and Wiki scripts

Trilby wrote:

It doesn't look like that js blurb does anything that wouldn't be accomplished by the browser anyways if the relevant input fields included the "required" html attribute.

https://bbs.archlinux.org/viewtopic.php?id=198833
https://bbs.archlinux.org/viewtopic.php?id=248918

Probably down to "fluxbb is old and unmaintained" (and likely simply predates that flag…)

Offline

#7 2021-11-14 13:48:56

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: Forum and Wiki scripts

It should be easier to edit the html templates to add the required attribute to the input fields than it was to write a js function, insert the js function, and still have to edit the html templates to insert a call to the js function into each form's onclick handler.


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#8 2021-11-14 13:55:20

Ferdinand
Member
From: Norway
Registered: 2020-01-02
Posts: 331

Re: Forum and Wiki scripts

I was just curious; I haven't noticed any functionality not working if I keep the scripts disabled..

Thank you @Seth, for showing me the script.

@lahwaacz, it's not like I don't run scripts - I just enable them as needed.
As for imgur.com, I need to enable the imgur.com and media-lab.ai scripts, but there's a truckload of other scripts I don't need though:
qFBnp4w.png
I tend to be particular about it, so I have added a huge blacklist to NoScript, but I also trust some scripts for sites I use regularly (such as https://www.qwant.com) - I just try not to have my browser soiled down more than necessary by all the junk that floats past tongue

And when it comes to black magic: I guess it's Ferdinand-speech for pretty much everything I don't know enough about. In this case, I know the scripts must be transferred from the server to the client in order for the client to be able to run them, but I assume they are either compiled to bytecode or uglified and, in effect, pretty much unintelligible - but they are transferred after all, and I guess maybe it is possible to get some information out of whatever is transferred, by means of decompilation or un-uglification or something - but that stuff is black magic to me; I don't know enough about it, and can hope a friendly magician will take pity on my ignorant self, and enlighten me, or I can sit down and study it. I often find I need either more luck or more time smile

Offline

#9 2021-11-14 14:08:56

Trilby
Inspector Parrot
Registered: 2011-11-29
Posts: 29,442
Website

Re: Forum and Wiki scripts

There is no such thing as compiled / byte-compiled javascript (there is web assembly, but that's still fairly rare and needs to be called from JS anyways).  There is certainly obfuscated javascript where the author deliberately makes it difficult to understand what the code is doing - any site containing such nonsense should be avoided like the plague.

Then there is "minified" JS which has no ill intent, but in most cases it is so foolish as to make me question the competence of the authors who would use it (and therefore question whether I should allow their code to run in the first place): the intended goal of minified JS is to sacrifice all readability in the name of some hoped-for optimization of download speed.  The benefits are negligible at best (especially when any modern server will provide the option of compressed content downloads anyways ... not to mention browsers caching content).

But obviously, the JS code on these forums is doing none of the above.  It's short, simple, and quite clear what it does (just not why if you ask me).  And if you are already running a script blocker and selectively picking which sites to allow scripts from, you should know how to open a web inspector or otherwise view the source of the page in question to get a quick glance at what the script content actually is.  If you can't do this, how on earth could you make even a remotely informed decision on which scripts to trust?  Do you just assume big sites like failbook have your best interests at heart and blindly trust their scripts in exchange for all access to cat videos?

Last edited by Trilby (2021-11-14 14:10:02)


"UNIX is simple and coherent..." - Dennis Ritchie, "GNU's Not UNIX" -  Richard Stallman

Offline

#10 2021-11-14 14:43:29

Ferdinand
Member
From: Norway
Registered: 2020-01-02
Posts: 331

Re: Forum and Wiki scripts

Thank's for explaining the magic, @Trilby.
And a good question too! I find that I can indeed see the script Seth posted in the page source, and I stand ashamed - I should have checked before I asked tongue
I have looked for scripts at other sites though, and not found anything I could relate to, and so I assumed (sigh) that it wasn't that easy. I'm rubbish at web development.

To answer; I don't evaluate scripts. I add  known spam servers or domains to the untrusted list in NoScript, and then, during browsing, if a site isn't working properly (like imgur.com) I either go somewhere else, or I enable the minimum set of scripts that will make the site work (for imgur.com that is imgur.com and media-lab.ai).
So my method is quite basic; I duck as much as possible and face what's left smile

Offline

Board footer

Powered by FluxBB