Cross Side Scripting Problem (XSS) in Firefox -- Post by Shahzad
Some of the students may find that their code works correctly in Firefox if they are accessing all the XML files locally from their machines,
but get "Permission denied" error, if the same files are accessed from course website. This is because the script, lying on your machine, is
trying to act upon a file that is hosted on another domain. This is called cross side scripting which is not allowed in browsers. It turns out
that Firefox's implementation is more restrictive as compared to IE, when it comes to XSS. So, please make sure, when you are testing your
implementation, either both the HTML/Javascript file and the XML file are on your local machine or both the files are on your course unix account.
Chelmis Charalampos' office hours change for Wednesday, Feb 3rd
Chelmis' office hours will be held from 9:45am - 11:45 am. This change is temporary and only for Wednesday, Feb 3rd.
Rules for Using the Class Newsgroup
Posts to the newsgroup are readable by all so be careful with
what you say.
There is no need to CC TAs and / or Professors. All of us will be able
to see your message. Students are welcome to respond to questions as
well in order to help each other.
Only contact TAs by sending them direct e-mails in case that your
question cannot be answered through this group. If you choose to send
TAs an e-mail you must CC all four TAs. Otherwise your e-mail will be
ignored.
Do not post code and then ask "what's wrong with it, please help"
and expect the audience to fix it for you. The purpose of this group
is NOT to debug your code. Such messages will be DELETED. If you
insist on posting code, your membership will be suspended.
Do not post links to your homework solutions for others to see and
help you with a problem you are facing.Such messages will be DELETED.
If you insist on posting code, your membership will be suspended.
Do not post questions about how your homework was graded. Contact
the individual grader directly by e-mail.
Questions about the specifications, the grading guidelines, and
allowed software libraries are allowed and welcome.
Read already existing posts before creating a new discussion. Your
question might already have been answered. Questions that have already
been answered will be ignored.
General information on operating systems, productivity applications,
Internet connectivity, e-mail and web publishing at USC, can be found
at the
ITS Help site.
Methods for Getting Rid of the USC Disclaimer
Below are four possible ways To get rid of the USC Disclaimer
which appears at the bottom of each web page:
place a NOSCRIPT tag immediately before the /BODY tag.
<NOSCRIPT>
</BODY>
But some people have found that the suggestion of
using the <NOSCRIPT> tag at
the end of the HTML file does not work if they have lines such as
writeln("</BODY>") in their JavaScript code.
Another way to get rid
of the USC disclaimer is to use this code at the beginning of the HTML
file, right after the closing </HEAD> tag:
<!--
<BODY>
<div style="display: block; font-family: Verdana, Geneva, Arial;
font-size: 10px">
The University of Southern California does not screen or control the
content on this website and thus does not guarantee the accuracy,
integrity, or quality of such content. All content on this website is
provided by and is the sole responsibility of the person from which
such content originated, and such content does not necessarily reflect
the opinions of the University administration or the Board of Trustees
</div>
<div style="display: block; font-family: Verdana, Geneva, Arial;
font-size: 10px">
The University of Southern California does not screen or control the
content on this website and thus does not guarantee the accuracy,
integrity, or quality of such content. All content on this website is
provided by and is the sole responsibility of the person from which
such content originated, and such content does not necessarily reflect
the opinions of the University administration or the Board of Trustees
</div>
</BODY>
//-->
Notice that to avoid showing the USC disclaimer on this page in
between the code above, I had to add the same code at the beginning of
this file (you can View Source this page to check this out).
Another Approach
Try putting a </body> tag inside a comment tag: <!-- </body> -->
> before your javascript.
Another approach:
split <body> into two strings "<bo" + "dy>"
Late Assignment Policy
Homework submitted for grading before or on the "Homework Due Date", as listed
in the Schedule of Lectures, will be eligible for 100% of the grade points for
the assignment. Homework submitted late will be accepted for up to 7 calendar
days after the due date, and will receive an automatic 10% penalty. Homework
submitted more than 7 days after the due date will not be accepted.
Accounts for on-campus and DEN students
If you are a remote student, you may get an account on a USC machine or use a
corporate or personal web site. To arrange for a USC
computer account, connect to the DEN web site at http://den.usc.edu/.
On campus students need to establish a directory in which they can store web
pages that will be delivered by USC's student web server. Complete
instructions on how to do this can be found at
http://www.usc.edu/uscweb/authoring/ppages.html.
cs-server.usc.edu machine
If you are not using a personal or corporate account, but are using the
USC machines, then please do your assignments only on the server
assigned for you.
Students in all sections: ssh to cs-server.usc.edu
Port Assignment Policy
To ensure that the possible collisions of TCP/IP ports among students are minimized, please
follow the following port assignment methodology, based on the last 5 digits
(XXXXX) of the random number that was assigned to you when you signed up the
class list:
Use Instead of
XXXXX: Apache port 80 (HTTP port)
XXXXX+1: Tomcat port 8080 (HTTP port)
XXXXX+2: Tomcat port 8005 (admin shutdown port)
XXXXX+3: Tomcat port 8009 (Apache jk port)
XXXXX+4: MySQL port 3306 (TCP/IP port)
Please replace the default ports with the above numbered ports.
