Basic question: bundling libraries with Javascript

C

craig.burrell

I'm not a Javascript programmer, and I have a basic question about how
scripts may make use of libraries in Javascript. I thank everyone for
humouring me.

Do all of the libraries required by a script have to reside in the
host environment, or may a custom library be bundled with the script
itself?

I ask because I am trying to assess the significance of Alexander
Sotirov's <a href="http://www.determina.com/security.research/
presentations/bh-eu07/bh-eu07-sotirov-paper.html">HeapLib </a>
library, which provides functionality for manipulating the IE heap.
The library makes it easier to run exploits against IE, but that won't
matter much if those exploits require that HeapLib be installed in the
target environment beforehand.

My thanks to anyone who can help clarify this point for me.
 
L

-Lost

I'm not a Javascript programmer, and I have a basic question about how
scripts may make use of libraries in Javascript. I thank everyone for
humouring me.

Do all of the libraries required by a script have to reside in the
host environment, or may a custom library be bundled with the script
itself?

I ask because I am trying to assess the significance of Alexander
Sotirov's <a href="http://www.determina.com/security.research/
presentations/bh-eu07/bh-eu07-sotirov-paper.html">HeapLib </a>
library, which provides functionality for manipulating the IE heap.
The library makes it easier to run exploits against IE, but that won't
matter much if those exploits require that HeapLib be installed in the
target environment beforehand.

My thanks to anyone who can help clarify this point for me.

After giving that URL a quick glance to make sure this "library" was not
in the form of an OCX, DLL, or other such binary file, my conclusion is
this:

Anytime a UA or browsing device accesses a web page that contains a
SCRIPT tag, and has JavaScript enabled in that device will immediately
load, and possibly execute whatever it finds included in the page.

SCRIPT tags are not like header files in C/C++. They are more akin to
includes in any of several server-side languages. Once included, then
accessed by the page that does the inclusion, the content of said
include (SCRIPT) is loaded into memory and utilized however the script
or code specifies.

I could be a little off in the semantics, but overall you should have
your answer.
 
C

craig.burrell

After giving that URL a quick glance to make sure this "library" was not
in the form of an OCX, DLL, or other such binary file, my conclusion is
this:

Anytime a UA or browsing device accesses a web page that contains a
SCRIPT tag, and has JavaScript enabled in that device will immediately
load, and possibly execute whatever it finds included in the page.

SCRIPT tags are not like header files in C/C++. They are more akin to
includes in any of several server-side languages. Once included, then
accessed by the page that does the inclusion, the content of said
include (SCRIPT) is loaded into memory and utilized however the script
or code specifies.

I could be a little off in the semantics, but overall you should have
your answer.

Thank you. That does help to clarify my question.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top