the BrowserExecScript action

Questions about using NeoBook's scripting language

Moderator: Neosoft Support

the BrowserExecScript action

Postby fkapnist » Thu Jan 01, 2015 3:02 pm

I am using a JavaScript in the BrowserExecScript action of a WebBrowser object. It calls a NeoBook GoSub routine that reads and writes to an INI file. But I get a blocking warning unless I switch off the Enhanced Security checkbox. What are the security risks? Can't NeoBook differentiate between an external JavaScript and one that is embedded in the PUB? Does it do the same with VBasic ExecScripts?

fkapnist
 
Posts: 348
Joined: Mon Nov 17, 2014 4:24 pm
Location: Greece

Re: the BrowserExecScript action

Postby Neosoft Support » Fri Jan 02, 2015 12:01 pm

The only security issue is if the browser object will be visiting websites that are not under your control. If the website had an embedded NeoBook action that did something mischievous (like erase files, etc.). I haven't heard of this happening anywhere, but it is theoretically possible.

From the help file:

When the Enhanced Security option is enabled, NeoBook will not allow potentially dangerous Actions embedded within HTML hyperlinks to be executed. (See Embedding NeoBook Actions Inside an HTML Document.) Prohibited Actions include: Run, ExecuteAddOn, FileCopy, FileDelLine, FileErase, FileInsLine, FileRead, FileWrite, SendKeys, SaveVariables, CreateFolder, RemoveFolder, RegistryRead, RegistryWrite, SendMail, ExtractFile, Suspend, RunNeoBook, ClickMouse and all plug-in based Actions. Disable the Enhanced Security option if you wish to allow the above Actions to be executed. However, if this Web Browser object will have unrestricted access to the Internet, it is highly recommended that you leave the Enhanced Security option enabled.
NeoSoft Support
Neosoft Support
NeoSoft Team
 
Posts: 5605
Joined: Thu Mar 31, 2005 10:48 pm
Location: Oregon, USA

Re: the BrowserExecScript action

Postby fkapnist » Sat Jan 03, 2015 8:40 am

Neosoft Support wrote:
"The only security issue is if the browser object will be visiting websites that are not under your control. If the website had an embedded NeoBook action that did something mischievous (like erase files, etc.). I haven't heard of this happening anywhere, but it is theoretically possible."


There are only three special external methods:

nbSetVar
nbGetVar
nbExecAction


Anyone who knows them can try a brute force attack with various script combinations. However, if the pub author had the ability to rename them with unique IDs, we could have reasonable security without blocking our own scripts.

Just a thought....

fkapnist
 
Posts: 348
Joined: Mon Nov 17, 2014 4:24 pm
Location: Greece

Re: the BrowserExecScript action

Postby Neosoft Support » Mon Jan 05, 2015 11:48 am

fkapnist wrote:
"Anyone who knows them can try a brute force attack with various script combinations. However, if the pub author had the ability to rename them with unique IDs, we could have reasonable security without blocking our own scripts."


That's an interesting idea. We'll have to give that some thought.
NeoSoft Support
Neosoft Support
NeoSoft Team
 
Posts: 5605
Joined: Thu Mar 31, 2005 10:48 pm
Location: Oregon, USA
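
The question raised in this thread (letting the publication's own script through while still blocking untrusted pages), sketched as an added example that is not NeoBook's code and not part of any post. Instead of renaming the methods, this model waives the help file's prohibited list only for a caller that presents a per-session random token; `createBridge`, `execAction`, the token scheme and the action-name parsing are all assumptions.

```javascript
// Added illustration: a model of a script-to-host bridge, not NeoBook code.
const nodeCrypto = require('crypto');

// Action names the help file lists as prohibited under Enhanced Security.
// ("All plug-in based Actions" are also prohibited but are not modelled here.)
const PROHIBITED = new Set([
  'Run', 'ExecuteAddOn', 'FileCopy', 'FileDelLine', 'FileErase', 'FileInsLine',
  'FileRead', 'FileWrite', 'SendKeys', 'SaveVariables', 'CreateFolder',
  'RemoveFolder', 'RegistryRead', 'RegistryWrite', 'SendMail', 'ExtractFile',
  'Suspend', 'RunNeoBook', 'ClickMouse',
].map((name) => name.toLowerCase()));

// Hypothetical host-side bridge: one per browser object. The host hands
// `token` only to scripts it injects itself, never to a loaded page.
function createBridge(enhancedSecurity) {
  const token = nodeCrypto.randomBytes(16).toString('hex'); // 128-bit secret
  const executed = [];

  // Constant-time comparison so the check leaks nothing about the token.
  function tokenOk(candidate) {
    if (typeof candidate !== 'string') return false;
    const a = Buffer.from(candidate);
    const b = Buffer.from(token);
    return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
  }

  // Assumed action syntax: an action name followed by its arguments.
  function execAction(action, candidateToken) {
    const match = /^\s*([A-Za-z_]\w*)/.exec(String(action));
    if (!match) return { ok: false, reason: 'unparseable' };
    const restricted = enhancedSecurity && PROHIBITED.has(match[1].toLowerCase());
    if (restricted && !tokenOk(candidateToken)) {
      return { ok: false, reason: 'blocked' };
    }
    executed.push(match[1]); // a real host would run the action here
    return { ok: true };
  }

  return { token, execAction, executed };
}
```

A renamed method is still visible to any page that can enumerate or guess it, whereas the token here lives only in the host and in the script the host injected.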

