{Allegato sospetto} Re: [Soci SLIP] allegato "la notte dei cookies
viventi"
Mauro .
mauropm99 a gmail.com
Mar 28 Mar 2017 21:12:02 CEST
Questo documento html era in una pagina web che
ho scaricato simile a quella della precedente mail.
se non dico stupidaggini, contiene un java script che dovrebbe provocare la
cancellazione dei cookie prima che vengano salvati
settando il tempo di espirazione ad una data precedente.
(è chiaro che ognuno può modificare le politiche sui cookie
tramite le impostazioni del browser, comunque è interessante)
( ho dovuto copiarlo ed incollarlo sulla mail perchè gmail non me lo fa
inviare come allegato).
<xmp>
<html>
<head>
<title>Cookie Functions</title>
</head>
<body>
<script language="javascript">
<!-- begin script
//
// Cookie Functions -- "Night of the Living Cookie" Version (25-Jul-96)
//
// Written by: Bill Dortch, hIdaho Design <bdortch a hidaho.com>
// The following functions are released to the public domain.
//
// This version takes a more aggressive approach to deleting
// cookies. Previous versions set the expiration date to one
// millisecond prior to the current time; however, this method
// did not work in Netscape 2.02 (though it does in earlier and
// later versions), resulting in "zombie" cookies that would not
// die. DeleteCookie now sets the expiration date to the earliest
// usable date (one second into 1970), and sets the cookie's value
// to null for good measure.
//
// Also, this version adds optional path and domain parameters to
// the DeleteCookie function. If you specify a path and/or domain
// when creating (setting) a cookie**, you must specify the same
// path/domain when deleting it, or deletion will not occur.
//
// The FixCookieDate function must now be called explicitly to
// correct for the 2.x Mac date bug. This function should be
// called *once* after a Date object is created and before it
// is passed (as an expiration date) to SetCookie. Because the
// Mac date bug affects all dates, not just those passed to
// SetCookie, you might want to make it a habit to call
// FixCookieDate any time you create a new Date object:
//
// var theDate = new Date();
// FixCookieDate (theDate);
//
// Calling FixCookieDate has no effect on platforms other than
// the Mac, so there is no need to determine the user's platform
// prior to calling it.
//
// This version also incorporates several minor coding improvements.
//
// **Note that it is possible to set multiple cookies with the same
// name but different (nested) paths. For example:
//
// SetCookie ("color","red",null,"/outer");
// SetCookie ("color","blue",null,"/outer/inner");
//
// However, GetCookie cannot distinguish between these and will return
// the first cookie that matches a given name. It is therefore
// recommended that you *not* use the same name for cookies with
// different paths. (Bear in mind that there is *always* a path
// associated with a cookie; if you don't explicitly specify one,
// the path of the setting document is used.)
//
// Revision History:
//
// "Toss Your Cookies" Version (22-Mar-96)
// - Added FixCookieDate() function to correct for Mac date bug
//
// "Second Helping" Version (21-Jan-96)
// - Added path, domain and secure parameters to SetCookie
// - Replaced home-rolled encode/decode functions with Netscape's
// new (then) escape and unescape functions
//
// "Free Cookies" Version (December 95)
//
//
// For information on the significance of cookie parameters, and
// and on cookies in general, please refer to the official cookie
// spec, at:
//
// http://www.netscape.com/newsref/std/cookie_spec.html
//
//******************************************************************
//
// "Internal" function to return the decoded value of a cookie
//
function getCookieVal (offset) {
var endstr = document.cookie.indexOf (";", offset);
if (endstr == -1)
endstr = document.cookie.length;
return unescape(document.cookie.substring(offset, endstr));
}
//
// Function to correct for 2.x Mac date bug. Call this function to
// fix a date object prior to passing it to SetCookie.
// IMPORTANT: This function should only be called *once* for
// any given date object! See example at the end of this document.
//
function FixCookieDate (date) {
var base = new Date(0);
var skew = base.getTime(); // dawn of (Unix) time - should be 0
if (skew > 0) // Except on the Mac - ahead of its time
date.setTime (date.getTime() - skew);
}
//
// Function to return the value of the cookie specified by "name".
// name - String object containing the cookie name.
// returns - String object containing the cookie value, or null if
// the cookie does not exist.
//
function GetCookie (name) {
var arg = name + "=";
var alen = arg.length;
var clen = document.cookie.length;
var i = 0;
while (i < clen) {
var j = i + alen;
if (document.cookie.substring(i, j) == arg)
return getCookieVal (j);
i = document.cookie.indexOf(" ", i) + 1;
if (i == 0) break;
}
return null;
}
//
// Function to create or update a cookie.
// name - String object containing the cookie name.
// value - String object containing the cookie value. May contain
// any valid string characters.
// [expires] - Date object containing the expiration data of the cookie. If
// omitted or null, expires the cookie at the end of the current session.
// [path] - String object indicating the path for which the cookie is valid.
// If omitted or null, uses the path of the calling document.
// [domain] - String object indicating the domain for which the cookie is
// valid. If omitted or null, uses the domain of the calling document.
// [secure] - Boolean (true/false) value indicating whether cookie
transmission
// requires a secure channel (HTTPS).
//
// The first two parameters are required. The others, if supplied, must
// be passed in the order listed above. To omit an unused optional field,
// use null as a place holder. For example, to call SetCookie using name,
// value and path, you would code:
//
// SetCookie ("myCookieName", "myCookieValue", null, "/");
//
// Note that trailing omitted parameters do not require a placeholder.
//
// To set a secure cookie for path "/myPath", that expires after the
// current session, you might code:
//
// SetCookie (myCookieVar, cookieValueVar, null, "/myPath", null, true);
//
function SetCookie (name,value,expires,path,domain,secure) {
document.cookie = name + "=" + escape (value) +
((expires) ? "; expires=" + expires.toGMTString() : "") +
((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "") +
((secure) ? "; secure" : "");
}
// Function to delete a cookie. (Sets expiration date to start of epoch)
// name - String object containing the cookie name
// path - String object containing the path of the cookie to
delete. This MUST
// be the same as the path used to create the cookie, or
null/omitted if
// no path was specified when creating the cookie.
// domain - String object containing the domain of the cookie to
delete. This MUST
// be the same as the domain used to create the cookie, or
null/omitted if
// no domain was specified when creating the cookie.
//
function DeleteCookie (name,path,domain) {
if (GetCookie(name)) {
document.cookie = name + "=" +
((path) ? "; path=" + path : "") +
((domain) ? "; domain=" + domain : "") +
"; expires=Thu, 01-Jan-70 00:00:01 GMT";
}
}
//
// Examples
//
var expdate = new Date ();
FixCookieDate (expdate); // Correct for Mac date bug - call only once
for given Date object!
expdate.setTime (expdate.getTime() + (24 * 60 * 60 * 1000)); // 24 hrs from now
SetCookie ("ccpath", "http://www.hidaho.com/colorcenter/", expdate);
SetCookie ("ccname", "hIdaho Design ColorCenter", expdate);
SetCookie ("tempvar", "This is a temporary cookie.");
SetCookie ("ubiquitous", "This cookie will work anywhere in this
domain",null,"/");
SetCookie ("paranoid", "This cookie requires secure
communications",expdate,"/",null,true);
SetCookie ("goner", "This cookie must die!");
document.write (document.cookie + "<br>");
DeleteCookie ("goner");
document.write (document.cookie + "<br>");
document.write ("ccpath = " + GetCookie("ccpath") + "<br>");
document.write ("ccname = " + GetCookie("ccname") + "<br>");
document.write ("tempvar = " + GetCookie("tempvar") + "<br>");
// end script -->
</script>
</body>
</html>
</xmp>
2017-03-27 11:20 GMT+02:00 Stefano Pirra <pirraste a gmail.com>:
> Questo codice mi sembra che dichiari un '"oggetto" cookie custom, con
> alcune proprietà (domain, path, exp, ..) separate da ';'
> Questo "oggetto" viene salvato in un cookie reale di pagina ... la
> differenza consiste nel fatto che il cookie reale è un document.cookie,
> mentre quello custom è un window.cookie
>
> Non trovo / comprendo il problema, ma forse dovrei approfondire l'articolo
> citato nell'altra mail :)
>
>
>
> On Mon, Mar 27, 2017 at 10:51 AM, Mauro . <mauropm99 a gmail.com> wrote:
>
>> Grazie, Stefano per la risposta.
>>
>> Questo è l' allegato del java script che volevo farvi vedere e che è stato
>> rimosso da Gmail:
>>
>> /*******************************************************
>> COOKIE FUNCTIONALITY
>> Based on "Night of the Living Cookie" by Bill Dortch
>> (c) 2003, Ryan Parman
>> http://www.skyzyx.com
>> Distributed according to SkyGPL 2.1, http://www.skyzyx.com/license/
>> *******************************************************/
>> function cookie(name, value, expires, path, domain, secure)
>> {
>> // Passed Values
>> this.name=name;
>> this.value=value;
>> this.expires=expires;
>> this.path=path;
>> this.domain=domain;
>> this.secure=secure;
>>
>> // Read cookie
>> this.read=function()
>> {
>> // To allow for faster parsing
>> var ck=document.cookie;
>>
>> var arg = this.name + "=";
>> var alen = arg.length;
>> var clen = ck.length;
>> var i = 0;
>>
>> while (i < clen)
>> {
>> var j = i + alen;
>> if (ck.substring(i, j) == arg)
>> {
>> var endstr = ck.indexOf (";", j);
>> if (endstr == -1) endstr = ck.length;
>> return unescape(ck.substring(j, endstr));
>> }
>> i = ck.indexOf(" ", i) + 1;
>> if (i == 0) break;
>> }
>> return null;
>> }
>>
>> // Set cookie
>> this.set=function()
>> {
>> // Store initial value of "this.expires" for re-initialization.
>> expStore=this.expires;
>>
>> // Set time to absolute zero.
>> exp = new Date();
>> base = new Date(0);
>> skew = base.getTime();
>> if (skew > 0) exp.setTime (exp.getTime() - skew);
>> exp.setTime(exp.getTime() + (this.expires*24*60*60*1000));
>> this.expires=exp;
>>
>> document.cookie = this.name + "=" + escape (this.value) +
>> ((this.expires) ? "; expires=" +
>> this.expires.toGMTString() : "") +
>> ((this.path) ? "; path=" + this.path : "") +
>> ((this.domain) ? "; domain=" + this.domain : "") +
>> ((this.secure) ? "; secure" : "");
>>
>> // Re-initialize
>> this.expires=expStore;
>> }
>>
>> // Kill cookie
>> this.kill=function()
>> {
>> document.cookie = this.name + "=" +
>> ((this.path) ? "; path=" + this.path : "") +
>> ((this.domain) ? "; domain=" + this.domain : "") +
>> "; expires=Thu, 01-Jan-70 00:00:01 GMT";
>> }
>>
>> // Change cookie settings.
>> this.changeName=function(chName) { this.kill(); this.name=chName;
>> this.set(); }
>> this.changeVal=function(chVal) { this.kill(); this.value=chVal;
>> this.set(); }
>> this.changeExp=function(chExp) { this.kill(); this.expires=chExp;
>> this.set(); }
>> this.changePath=function(chPath) { this.kill(); this.path=chPath;
>> this.set(); }
>> this.changeDomain=function(chDom) { this.kill(); this.domain=chDom;
>> this.set(); }
>> this.changeSecurity=function(chSec) { this.kill();
>> this.secure=chSec; this.set(); }
>> }
>>
>> _______________________________________________
>> Soci mailing list
>> Soci a mail.pinerolo.linux.it
>> https://liszt.softwareliberopinerolo.org/vecchiamlsoci/
>>
>
>
> _______________________________________________
> Soci mailing list
> Soci a mail.pinerolo.linux.it
> https://liszt.softwareliberopinerolo.org/vecchiamlsoci/
>
-------------- parte successiva --------------
Il file allegato none (inline) e' stato rimosso perche' sospetto. Contattare l'amministratore del sistema comunicando l'ID messaggio 58DAB5AC_6070_423_1 per ricevere l'allegato rimosso.
Maggiori informazioni sulla lista
Soci