nxs.net - webmail uses VBScript and other IE-only syntax



Tech Evangelism Graveyard
English US
16 years ago
3 years ago


(Reporter: James Rome, Unassigned)





(1 attachment, 1 obsolete attachment)



16 years ago
My ISP uses this script to make a safelist to control spam. 
It doesn't work in mozilla beacuse it ignores the line:
<script language="JavaScript" src="spam_control.js"></script>
which contains the missing function
Error: ValidateDomain is not defined
Source File: http://webmail.nxs.net/spam/SafeList.asp?action=safelist
Line: 161
It works in IE of course, so they dont much care :-(

html><head><link rel="stylesheet" type="text/css" href="../stylecfg.asp">
<link rel="stylesheet" href="spam_control.css">

<script LANGUAGE="JavaScript">
<!-- Original:  Bob Rockers (brockers@subdimension.com) -->

<!-- This script and many more are available free online at -->
<!-- The JavaScript Source!! http://javascript.internet.com -->

<!-- Begin

function move(fbox,tbox) {
var i = 0;
if(fbox.value != "") {
var no = new Option();
no.value = fbox.value;
no.text = fbox.value;
tbox.options[tbox.options.length] = no;
fbox.value = "";
function remove(box) {
for(var i=0; i<box.options.length; i++) {
if(box.options[i].selected && box.options[i] != "") {
box.options[i].value = "";
box.options[i].text = "";
function BumpUp(abox) {
for(var i = 0; i < abox.options.length; i++) {
if(abox.options[i].value == "")  {
for(var j = i; j < abox.options.length - 1; j++)  {
abox.options[j].value = abox.options[j + 1].value;
abox.options[j].text = abox.options[j + 1].text;
var ln = i;
if(ln < abox.options.length)  {
abox.options.length -= 1;
//  End -->


<script language="javascript">
var L_H_TEXT = "For related information, click a topic:";
var H_KEY = "HM_Block";
<script language="JavaScript" src="spam_control.js"></script>
</head><body bgcolor="#ffffff" link="#0000ff" background=""><table width="500"
bgcolor="#ffffff" cellspacing="0" cellpadding="0" border="0"><tr><td><font
face="arial" size="3"><b>Spam Control
      - Safe List</b></font><br>
<font face="arial" size="2"> &lt<!--  -->jamesrome@nxs.net&gt</font><br><br>

<form name="listsForm" method="POST" action="write_safelist.asp" AUTOCOMPLETE="Off">
<font face="arial" size="2">
<table border=0 cellPadding=0 cellSpacing=0 width="100%">
<td><font class="Wf" size="2" face="Arial">
  Use the Safe List to make sure that Spam Mail Filter never sends important
mail to your Spam Mail
  folder. Messages from addresses (or domains) on your Safe List are always
  delivered to your Inbox.<br><br>
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<td><font class="Wf">
Type a single e-mail address (or domain):

<td style="padding-left:4px;"><font class="Wf">Safe List: </font></td>
<tr valign="top">
<td style="padding:3px;">
<input class="Wf" ID="srcList" onkeypress="return noEnterKey();" name="srcList"
maxlength="100" size=40 type="text">
<td align="center">
<table cellspacing="0" cellpadding="0">
<td style="padding:3px;">
<input type="button" name="Add" value=" Add >> " class="sbttn" style="width:
90px;" onClick="addToTheList( true, true, 'Safe List');">	

<td style="padding:3px;">
<input type="button" class="sbttn" value="<< Remove" name="Remove" disabled
style="width: 90px;" onClick="removeFromTheList();">
<td style="padding:3px;"><font class="Wf">
<select class="Wf" ID="destList" width=230 name="destList"
onClick="isRemoveEnabled(0);" size=10 style="width:230px7;">


  <p align="right">
<input type="hidden" name="killlist">
<input type="hidden" name="PrefList">
<input type="hidden" name="SafeToList">
<input type="hidden" name="action" value="safelist">
<input type="button" class="Bsbttn" onClick="buildAllLists();" name="OK.x"
value=" OK "> &nbsp;
<input type="button" class="Bsbttn" onClick="history.back();" value="Cancel">
<font face="arial" size="2">

<script language="javascript">
var ie = document.all?1:0
var destList	= document.listsForm.destList;
var srcList	= document.listsForm.srcList;
var bttnRemove	= document.listsForm.Remove;
var bttnAdd	= document.listsForm.Add;
if (destList.options.length > 2*250) 
document.listsForm.Add.disabled = 1;
function isRemoveEnabled(isBlur)
var index = destList.selectedIndex;
if (index != -1 && isBlur != 1 )
function addToTheList(allowDomain,checkString,strListType)
var currentLength = destList.length;
var theStr = srcList.value.toLowerCase();
var count = 0;
var domainStr = ValidateDomain( theStr );
var emailStr = ValidateEmail( theStr );
var domainCount=0, emailCount=0; 

srcList.value = theStr;

for ( count=0; count<=currentLength && destList.options[count] != null; count++)
var localStr = destList.options[count].text.toLowerCase(); 
if ( ValidateDomain(localStr) != "" )	domainCount++;
if ( ValidateEmail(localStr) != "" )	emailCount++;	
if ( domainCount >= 250 || emailCount >= 250 )
if ( (ValidateDomain(theStr) != "" && domainCount >= 250) ||
(ValidateEmail(theStr) != "" && emailCount >= 250) )
if (domainCount > 250 && emailCount > 250) bttnAdd.disabled = 1;
alert("Cannot add more addresses to your list because you have reached the 250
entry limit for your Safe List");
return false;	
if (theStr == localStr) 
alert("This address is already included in your Safe List");
return false;	
destList.options[currentLength] = new Option(theStr);
srcList.value = ""; 
return true;
function removeFromTheList() 
if (destList.selectedIndex >=0)
destList.options[destList.selectedIndex] = null;
if (destList.options.length < 2*250)
bttnAdd.disabled = 0;
bttnRemove.disabled = 1;
function removeDeleteLRU() 
destList.options[0] = null;
function disableToggle(tf)
for (x = 5; x <= document.listsForm.length - 4; x++) 
function buildAllLists()
var i=0;
var len = destList.options.length;
// White List
var prefs = document.listsForm.PrefList;
for(i = 0; i < len ; i++) 
prefs.value += destList.options[i].text + "\r";
function noEnterKey()
if (event.keyCode==13)
return false;
if (srcList != null)

Comment 1

16 years ago
Tech Evangelism I guess. Script, reporter mention, could work only in IE with
document.all supporting (there is many lines as:

CliH = document.all.msngrblock.children[4].clientHeight;
TabH = document.all.msngrcontent.parentElement.parentElement.clientHeight;
FatH = document.all.msngrblock.children[0].clientHeigh


Comment 2

16 years ago
The problem is that it says ValidateDomain is undefined, but it is included in
the spam-control.js file that does not seem to be loaded.

How does document.all come in?

Is that non-compliant code? http://javascript.internet.com seems to be the
source for this.

Comment 3

16 years ago
Note the included JS file, http://webmail.nxs.net/spam/spam_control.js,
sets these <object> elements of type "application/x-oleobject":

divMsgrObject.innerHTML = "<OBJECT 
codeType='application/x-oleobject' height='1' id='MsgrObj' 
width='1'></OBJECT><OBJECT classid='clsid:FB7199AB-79BF-11d2-8D94-0000F875C541' 
codeType='application/x-oleobject' height='1' id='MsgrApp' width='1'></OBJECT>";

That could be a problem (i.e. Microsoft-only); I don't know.
I can't see any HTML element |divMsgrObject| anywhere above.
However, I don't have any trouble with the HTML that is given.

I will put that as an attachment below.

James: that is the way to provide large HTML samples to Bugzilla.
File the bug first; then use the "Create a New Attachment" link
to attach the sample. 

When you paste it in-line, as above, we can't click on it easily.
Furthermore, Bugzilla introduces unwanted linefeeds. Of course,
HTML does not mind that, but it introduces errors into the JavaScript.

Just a tip - :-)

Comment 4

16 years ago
Created attachment 113824 [details]
HTML testcase

Comment 5

16 years ago
Created attachment 113826 [details]
HTML testcase (with corrected <form action> href)
Attachment #113824 - Attachment is obsolete: true

Comment 6

16 years ago
When I try the attached HTML in Mozilla, I get only this error in 
the JavaScript Console: 

Error: event is not defined
Source File: http://bugzilla.mozilla.org/attachment.cgi?id=113826&action=view
Line: 268

That's because they use the proprietary, Microsoft-only JavaScript
|event| object to sniff for the <Enter> key in the input box:

function noEnterKey()
  if (event.keyCode==13)
  return false;

However, I do not see the error quoted above:

Error: ValidateDomain is not defined
Source File: http://webmail.nxs.net/spam/SafeList.asp?action=safelist
Line: 161

Instead, I get this error, printed directly in the body of the 
browser, when I click on the "OK" button. 

    Microsoft VBScript runtime  error '800a0005'
    Invalid procedure call or argument
    /spam/write_safelist.asp, line 14

This is our best clue so far. VBScript is another Microsoft-only
technology that is not supported in Mozilla/Netscape. 

We're going to have to assign this bug to Tech Evangelism. That component
will contact http://webmail.nxs.net and inform them of these problems -
Assignee: rogerl → susiew
Component: JavaScript Engine → US General
Product: Browser → Tech Evangelism
QA Contact: pschwartau → zach
Summary: doesn't load include file → webmail.nxs.net - uses VBScript and other IE-only syntax
Version: Trunk → unspecified
tech evang june 2003 reorg
Assignee: susiew → english-us
QA Contact: zach → english-us
Summary: webmail.nxs.net - uses VBScript and other IE-only syntax → nxs.net - webmail uses VBScript and other IE-only syntax
Is this still an issue ?

Comment 9

9 years ago
I do not know. I gave up on NXS years and years ago
Thanks for the response.
I will mark this incomplete because we don't know if they fixed it and there is nobody who could test this.
Last Resolved: 9 years ago
Resolution: --- → INCOMPLETE
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.