1. FSCommand() The attacker can use this when executed from within an embedded Flash object.
2. onAbort() When a user aborts the loading of an image.
3. onActivate() When an object is set as the active element.
4. onAfterPrint() Activates after user prints or previews print job.
5. onAfterUpdate() Activates on data object after updating data in the source object.
6. onBeforeActivate() Fires before the object is set as the active element.
7. onBeforeCopy() The attacker executes the attack string right before a selection is copied to the clipboard. Attackers can do this with the execCommand("Copy") function.
8. onBeforeCut() The attacker executes the attack string right before a selection is cut.
9. onBeforeDeactivate() Fires right after the activeElement is changed from the current object.
10. onBeforeEditFocus() Fires before an object contained in an editable element enters a User Interface (UI)-activated state, or when an editable container object is control selected.
11. onBeforePaste() The user needs to be tricked into pasting or be forced into it using the execCommand("Paste") function.
12. onBeforePrint() User would need to be tricked into printing or attacker could use the print() or execCommand("Print") function.
13. onBeforeUnload() User would need to be tricked into closing the browser. Attacker cannot unload windows unless it was spawned from the parent.
14. onBegin() The onbegin event fires immediately when the element’s timeline begins.
15. onBlur() In the case where another pop-up is loaded and window loses focus.
16. onBounce() Fires when the behavior property of the marquee object is set to “alternate” and the contents of the marquee reach one side of the window.
17. onCellChange() Fires when data changes in the data provider.
18. onChange() Select, text, or TEXTAREA field loses focus and its value has been modified.
19. onClick() Someone clicks on a form.
20. onContextMenu() The user would need to right-click on attack area.
21. onControlSelect() Fires when the user is about to make a control selection of the object.
22. onCopy() The user needs to copy something or it can be exploited using the execCommand("Copy") command.
23. onCut() The user needs to copy something or it can be exploited using the execCommand("Cut") command.
24. onDataAvailable() The user would need to change data in an element, or attacker could perform the same function.
25. onDataSetChanged() Fires when the data set exposed by a data source object changes.
26. onDataSetComplete() Fires to indicate that all data is available from the data source object.
27. onDblClick() User double-clicks a form element or a link.
28. onDeactivate() Fires when the activeElement is changed from the current object to another object in the parent document.
29. onDrag() Requires the user to drag an object.
30. onDragEnd() Requires the user to drag an object.
31. onDragLeave() Requires the user to drag an object off a valid location.
32. onDragEnter() Requires the user to drag an object into a valid location.
33. onDragOver() Requires the user to drag an object into a valid location.
34. onDragDrop() The user drops an object (e.g., file onto the browser window).
35. onDrop() The user drops an object (e.g., file onto the browser window).
36. onEnd() The onEnd event fires when the timeline ends. This can be exploited, like most of the HTML+TIME event handlers, by doing something like <P STYLE="behavior:url('#default#time2')" onEnd="alert('XSS')">.
37. onError() The loading of a document or image causes an error.
38. onErrorUpdate() Fires on a databound object when an error occurs while updating the associated data in the data source object.
39. onExit() Someone clicks on a link or presses the back button.
40. onFilterChange() Fires when a visual filter completes state change.
41. onFinish() The attacker can create the exploit when marquee is finished looping.
42. onFocus() The attacker executes the attack string when the window gets focus.
43. onFocusIn() The attacker executes the attack string when window gets focus.
44. onFocusOut() The attacker executes the attack string when window loses focus.
45. onHelp() The attacker executes the attack string when the user hits F1 while the window is in focus.
46. onKeyDown() The user depresses a key.
47. onKeyPress() The user presses or holds down a key.
48. onKeyUp() The user releases a key.
49. onLayoutComplete() The user would have to print or print preview.
50. onLoad() The attacker executes the attack string after the window loads.
51. onLoseCapture() Can be exploited by the releaseCapture() method.
52. onMediaComplete() When a streaming media file is used, this event could fire before the file starts playing.
53. onMediaError() The user opens a page in the browser that contains a media file, and the event fires when there is a problem.
54. onMouseDown() The attacker would need to get the user to click on an image.
55. onMouseEnter() The cursor moves over an object or area.
56. onMouseLeave() The attacker would need to get the user to mouse over an image or table and then off again.
57. onMouseMove() The attacker would need to get the user to mouse over an image or table.
58. onMouseOut() The attacker would need to get the user to mouse over an image or table and then off again.
59. onMouseOver() The cursor moves over an object or area.
60. onMouseUp() The attacker would need to get the user to click on an image.
61. onMouseWheel() The attacker would need to get the user to use their mouse wheel.
62. onMove() The user or attacker would move the page.
63. onMoveEnd() The user or attacker would move the page.
64. onMoveStart() The user or attacker would move the page.
65. onOutOfSync() Interrupts the element’s ability to play its media as defined by the timeline.
66. onPaste() The user would need to paste, or attacker could use the execCommand("Paste") function.
67. onPause() The onPause event fires on every element that is active when the timeline pauses, including the body element.
68. onProgress() Attacker would use this as a flash movie was loading.
69. onPropertyChange() The user or attacker would need to change an element property.
70. onReadyStateChange() The user or attacker would need to change an element property.
71. onRepeat() The event fires once for each repetition of the timeline, excluding the first full cycle.
72. onReset() The user or attacker resets a form.
73. onResize() The user would resize the window; the attacker could auto initialize with something like: <SCRIPT>self.resizeTo(500,400);</SCRIPT>.
74. onResizeEnd() The user would resize the window; attacker could auto initialize with something like: <SCRIPT>self.resizeTo(500,400);</SCRIPT>.
75. onResizeStart() The user would resize the window. The attacker could auto initialize with something like: <SCRIPT>self.resizeTo(500,400);</SCRIPT>.
76. onResume() The onresume event fires on every element that becomes active when the timeline resumes, including the body element.
77. onReverse() If the element has a repeatCount greater than one, this event fires every time the timeline begins to play backward.
78. onRowEnter() The user or attacker would need to change a row in a data source.
79. onRowExit() The user or attacker would need to change a row in a data source.
80. onRowDelete() The user or attacker would need to delete a row in a data source.
81. onRowInserted() The user or attacker would need to insert a row in a data source.
82. onScroll() The user would need to scroll, or the attacker could use the scrollBy() function.
83. onSeek() The onreverse event fires when the timeline is set to play in any direction other than forward.
84. onSelect() The user needs to select some text. The attacker could auto initialize with something like: window.document.execCommand("SelectAll");.
85. onSelectionChange() The user needs to select some text. The attacker could auto initialize with something like window.document.execCommand("SelectAll");.
86. onSelectStart() The user needs to select some text. The attacker could auto initialize with something like window.document.execCommand("SelectAll");.
87. onStart() Fires at the beginning of each marquee loop.
88. onStop() The user would need to press the stop button or leave the Web page.
89. onSynchRestored() The user interrupts the element’s ability to play its media as defined by the timeline to fire.
90. onSubmit() Requires that attacker or user submits a form.
91. onTimeError() The user or attacker sets a time property, such as dur, to an invalid value.
92. onTrackChange() The user or attacker changes track in a playlist.
93. onUnload() As the user clicks any link or presses the back button or the attacker forces a click.
94. onURLFlip() This event fires when an Advanced Streaming Format (ASF) file, played by an HTML+TIME (Timed Interactive Multimedia Extensions) media tag, processes script commands embedded in the ASF file.
95. seekSegmentTime() This is a method that locates the specified point on the element’s segment time line and begins playing from that point. The segment consists of one repetition of the time line including reverse play using the AUTOREVERSE attribute.
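
For filtering and review, the list above is best treated as evidence that handler names cannot be enumerated reliably. The following added example (not part of the original page) audits an HTML fragment for any attribute whose name starts with "on", which goes beyond the 95 names listed, and shows which handlers a name-based denylist would let through. The LISTED subset, the sample markup and the report()/track() function names are constructed for illustration.

```python
from html.parser import HTMLParser

# Subset of the handler names listed above, lower-cased (illustrative denylist).
LISTED = {"onabort", "onclick", "onend", "onerror", "onfocus", "onload", "onmouseover"}


class HandlerAudit(HTMLParser):
    """Record every inline event-handler attribute in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (tag, attribute, value)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so mixed-case
        # spellings such as OnErRoR are normalised before this check.
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                self.findings.append((tag, name, value))
            elif name == "style" and "behavior" in value.lower():
                # Legacy IE behaviors (e.g. #default#time2) enable the
                # HTML+TIME handlers such as onEnd.
                self.findings.append((tag, name, value))


def find_event_handlers(markup):
    """Return all on* attributes and behavior styles found in markup."""
    audit = HandlerAudit()
    audit.feed(markup)
    audit.close()
    return audit.findings


def missed_by_denylist(markup, denylist=LISTED):
    """Handler names present in markup that a name-based denylist would pass."""
    return sorted({name for _, name, _ in find_event_handlers(markup)
                   if name.startswith("on") and name not in denylist})


if __name__ == "__main__":
    # Constructed samples; the first is the HTML+TIME form quoted in item 36.
    samples = [
        """<P STYLE="behavior:url('#default#time2')" onEnd="alert('XSS')">""",
        '<IMG SRC=x OnErRoR=report()>',
        '<div onpointerdown="track()">online store</div>',
    ]
    for s in samples:
        print(find_event_handlers(s), missed_by_denylist(s))
```

The prefix match is deliberately broad: an allowlist of permitted attributes, applied by the sanitizer, is the stronger control, and this audit is a check on its output.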