Skip to page content or Skip to Accesskey List.

Work

Main Page Content

Defeating The Third Voice Plug In

Rated 3.91 (Ratings: 1)

Want more?

  • More articles in Code
 
Picture of Jeff Howden

Jeff Howden

Member info

User since: 14 Dec 1998

Articles written: 21

I've been playing around trying to figure out how to beat this plug-in. In my playing around, I've come up with a script that will render it completely useless on any page the following JavaScript is posted.

How Third Voice works is to append comments to specific text at a specific URL. However, if that URL changes, the comment is no longer attached to anything relevant. So, the trick is to make sure the URL is never the same.

This can be done by appending a random string to the end of the URL using the location.search object. If the URL already has the random string appended to it, change the random string and re-append. The trick is to get the script to not force the browser into an infinite loop. The easiest way to do that is to use the getTime() function which returns the number of milliseconds since January 1, 1970. Since this number is always changing, we can easily be guaranteed that the string to attach to the end of the URL is unique. If the page is loaded with a search string already attached, we simply check to see if it is within 100,000 milliseconds from the current time string created when the page is loaded. If it is more than 100,000 milliseconds the page is reloaded with the new time string appended.

Here's the script. I've tested it on both IE4 and IE5 and it seems to work pretty well. Have massaged it so it won't cause any errors and won't throw the browser into a loop. Be sure to place the following script in the head section of your document of every page you want protected and you're now Thirdvoice-proof.

<script language="JavaScript" type="text/javascript">

<!--

var agt = navigator.userAgent.toLowerCase();

var ie4u = ((agt.indexOf('msie') != -1) && (parseInt(navigator.appVersion) >= 4));

if(ie4u)

{

ts = new Date();

ts = ts.getTime();

lh = location.href;

if(location.search)

{

ls = location.search;

if(parseInt(ts) - ls.substring(1,ls.length) >= '100000')

{

location.href = lh.substring(0,lh.indexOf('?')) + '?' + ts;

}

}

else

{

location.href = lh + '?' + ts;

}

}

// -->

</script>

That's all there is to it. So, for those of you who don't care to let Third Voice ruin your creations, have at it.

Jeff Howden (.jeff) is a web developer working for Vos & Howden, LLC in Portland, Oregon where he's partnered with long-time colleague, Anthony Vos. His skills include ColdFusion, JavaScript, CSS, XML, relational databases, and much, much more. His biggest professional accomplishments include, but are not limited to:

  • building a ColdFusion-based e-commerce solution for Mt. Bachelor that transacted over $1.62 million dollars in September 2001 with 0 (yes, that's zero) ColdFusion errors and then an almost completely rebuilt version transacted $2.86 million dollars in September 2002.
  • being asked to be a Technical Editor for the ColdFusion MX book, Inside ColdFusion MX from New Rider's Publishing company.
  • being asked by BrainBench to perform quality control on their JavaScript 1.5 certification test after receiving the highest beta test score out of 200 testees.
  • managing the server that hosts evolt.org and withstanding a slashdotting that brought over 1,000,000 hits to the site, over 10 gigs of data transfer, and an average in excess of 2300 unique visitor sessions per hour, all within a 24-hour period and the server never hiccuping once.

The access keys for this page are: ALT (Control on a Mac) plus:

evolt.org Evolt.org is an all-volunteer resource for web developers made up of a discussion list, a browser archive, and member-submitted articles. This article is the property of its author, please do not redistribute or use elsewhere without checking with the author.