Basic question: bundling libraries with Javascript

Discussion in 'Javascript' started by craig.burrell@gmail.com, Jun 5, 2007.

  1. Guest

    I'm not a Javascript programmer, and I have a basic question about how
    scripts may make use of libraries in Javascript. I thank everyone for
    humouring me.

    Do all of the libraries required by a script have to reside in the
    host environment, or may a custom library be bundled with the script
    itself?

    I ask because I am trying to assess the significance of Alexander
    Sotirov's <a href="http://www.determina.com/security.research/
    presentations/bh-eu07/bh-eu07-sotirov-paper.html">HeapLib </a>
    library, which provides functionality for manipulating the IE heap.
    The library makes it easier to run exploits against IE, but that won't
    matter much if those exploits require that HeapLib be installed in the
    target environment beforehand.

    My thanks to anyone who can help clarify this point for me.
    , Jun 5, 2007
    #1
    1. Advertising

  2. -Lost Guest

    wrote:
    > I'm not a Javascript programmer, and I have a basic question about how
    > scripts may make use of libraries in Javascript. I thank everyone for
    > humouring me.
    >
    > Do all of the libraries required by a script have to reside in the
    > host environment, or may a custom library be bundled with the script
    > itself?
    >
    > I ask because I am trying to assess the significance of Alexander
    > Sotirov's <a href="http://www.determina.com/security.research/
    > presentations/bh-eu07/bh-eu07-sotirov-paper.html">HeapLib </a>
    > library, which provides functionality for manipulating the IE heap.
    > The library makes it easier to run exploits against IE, but that won't
    > matter much if those exploits require that HeapLib be installed in the
    > target environment beforehand.
    >
    > My thanks to anyone who can help clarify this point for me.


    After giving that URL a quick glance to make sure this "library" was not
    in the form of an OCX, DLL, or other such binary file, my conclusion is
    this:

    Anytime a UA or browsing device accesses a web page that contains a
    SCRIPT tag, and has JavaScript enabled in that device will immediately
    load, and possibly execute whatever it finds included in the page.

    SCRIPT tags are not like header files in C/C++. They are more akin to
    includes in any of several server-side languages. Once included, then
    accessed by the page that does the inclusion, the content of said
    include (SCRIPT) is loaded into memory and utilized however the script
    or code specifies.

    I could be a little off in the semantics, but overall you should have
    your answer.

    --
    -Lost
    Remove the extra words to reply by e-mail. Don't e-mail me. I am
    kidding. No I am not.
    -Lost, Jun 5, 2007
    #2
    1. Advertising

  3. Guest

    On Jun 5, 1:03 pm, -Lost <> wrote:
    > wrote:
    > > I'm not a Javascript programmer, and I have a basic question about how
    > > scripts may make use of libraries in Javascript. I thank everyone for
    > > humouring me.

    >
    > > Do all of the libraries required by a script have to reside in the
    > > host environment, or may a custom library be bundled with the script
    > > itself?

    >
    > > I ask because I am trying to assess the significance of Alexander
    > > Sotirov's <a href="http://www.determina.com/security.research/
    > > presentations/bh-eu07/bh-eu07-sotirov-paper.html">HeapLib </a>
    > > library, which provides functionality for manipulating the IE heap.
    > > The library makes it easier to run exploits against IE, but that won't
    > > matter much if those exploits require that HeapLib be installed in the
    > > target environment beforehand.

    >
    > > My thanks to anyone who can help clarify this point for me.

    >
    > After giving that URL a quick glance to make sure this "library" was not
    > in the form of an OCX, DLL, or other such binary file, my conclusion is
    > this:
    >
    > Anytime a UA or browsing device accesses a web page that contains a
    > SCRIPT tag, and has JavaScript enabled in that device will immediately
    > load, and possibly execute whatever it finds included in the page.
    >
    > SCRIPT tags are not like header files in C/C++. They are more akin to
    > includes in any of several server-side languages. Once included, then
    > accessed by the page that does the inclusion, the content of said
    > include (SCRIPT) is loaded into memory and utilized however the script
    > or code specifies.
    >
    > I could be a little off in the semantics, but overall you should have
    > your answer.
    >
    > --
    > -Lost
    > Remove the extra words to reply by e-mail. Don't e-mail me. I am
    > kidding. No I am not.


    Thank you. That does help to clarify my question.
    , Jun 5, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Steve Sobol
    Replies:
    8
    Views:
    7,936
    Roedy Green
    Aug 18, 2005
  2. Tom Parson
    Replies:
    2
    Views:
    488
    Bjorn Abelli
    May 22, 2006
  3. Ben Finney
    Replies:
    6
    Views:
    303
    Serge Orlov
    Jun 15, 2006
  4. Benjamin

    Bundling Python on Mac

    Benjamin, Nov 29, 2007, in forum: Python
    Replies:
    4
    Views:
    302
    Benjamin
    Dec 1, 2007
  5. Randall Smith

    bundling python with application

    Randall Smith, Jul 27, 2008, in forum: Python
    Replies:
    1
    Views:
    304
    Diez B. Roggisch
    Jul 27, 2008
Loading...

Share This Page