Can JavaScript change registry entries?

JavaScript and client side scripting.

Moderator: General Moderators

Post Reply
User avatar
JellyFish
DevNet Resident
Posts: 1361
Joined: Tue Feb 14, 2006 7:18 pm
Location: San Diego, CA

Can JavaScript change registry entries?

Post by JellyFish »

Or otherwise write to another's computer hard drive.

This doesn't sound believable. Ebay states it though:
Ebay wrote:
  • Not permitted
  • ...
  • HTML or JavaScript that changes registry entries, or otherwise writes to another's computer hard drive
  • ...
So it strikes my curiosity.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

I believe IE prohibits it. I'm pretty sure that JavaScript does have the necessary functions, though.
User avatar
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

There are two standard ActiveX controls installed in Windows: WScript and FileSystemObject that provide access to registry and filesystem for javascript programs. Both are intended rather for shell scripting and disabled in browser by default.

Generally, the answer to "is something possible in language X" question is "everything is possible if you find a binding for your language". In case of javascript, that would be scriptable ActiveX or XPI component.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

I think that statement made by eBay that you can tamper with the registry is slightly mis-leading. Using FSO anyways.

A quick look into FileSystemObject reveals no specialized API for working in the registry which is required as the registry is not a plain text file. You can work with native files and quite possibly change the registry that way, but to change it according to protocol (properly)...probably quite difficult.

Although using that object it's quite possible to f**k up files permenantly. That I've done! :P
User avatar
JellyFish
DevNet Resident
Posts: 1361
Joined: Tue Feb 14, 2006 7:18 pm
Location: San Diego, CA

Post by JellyFish »

Could someone write a script to mess with my files on my comp without my permission?
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

JellyFish wrote:Could someone write a script to mess with my files on my comp without my permission?
Browsers don't allow it. If any did, no one would use it.

Edit: Microsoft allows it for their website, however. I'm not sure if they do so through JavaScript, but they have unlimited access to your OS (if it's Windows).
User avatar
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

JellyFish wrote:Could someone write a script to mess with my files on my comp without my permission?
If you allow ActiveX (especially the ones marked as "not safe for scripting") to be installed and executed, that's quite possible.
User avatar
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

Hockey wrote: A quick look into FileSystemObject reveals no specialized API for working in the registry
Correct. The registry can be accessed with WScript.Shell object.
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Post by alex.barylski »

Hmmm...coool...I wasn't aware of that ability. That could come in handy when developing corporate management systems which are used in Intranet's.
User avatar
JellyFish
DevNet Resident
Posts: 1361
Joined: Tue Feb 14, 2006 7:18 pm
Location: San Diego, CA

Post by JellyFish »

Bottom line is no one can hack into your computer unless you give them permission (i.e. use the a crappy browser that is acts no better then a malware program)?

Or are there ways of hacking into any computer without a security program?
User avatar
stereofrog
Forum Contributor
Posts: 386
Joined: Mon Dec 04, 2006 6:10 am

Post by stereofrog »

JellyFish wrote: Or are there ways of hacking into any computer without a security program?
Unfortunately, yes. Every software, including browsers, mail clients, firewalls and operating systems contains security holes, and an experienced hacker can gain access to everything. There's no door that cannot be opened. ;(
User avatar
JellyFish
DevNet Resident
Posts: 1361
Joined: Tue Feb 14, 2006 7:18 pm
Location: San Diego, CA

Post by JellyFish »

stereofrog wrote:
JellyFish wrote: Or are there ways of hacking into any computer without a security program?
Unfortunately, yes. Every software, including browsers, mail clients, firewalls and operating systems contains security holes, and an experienced hacker can gain access to everything. There's no door that cannot be opened. ;(
How is this possible?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

JellyFish wrote:How is this possible?
All software contains bugs.
Post Reply