Gabe he enjoys when clients ask him to update old software. For Gabe, that’s exciting: you never know what you’re going to discover.
Public Sub AspJavaMessage(ByVal Message As String)
System.Web.HttpContext.Current.Response.Write("<SCRIPT LANGUAGE=""JavaScript"">" & vbCrLf)
System.Web.HttpContext.Current.Response.Write("alert(""" & Message & """)" & vbCrLf)
System.Web.HttpContext.Current.Response.Write("</SCRIPT>")
End Sub
This is ASP .Net server side code.
Let’s start with the function name: AspJavaMessage. We already know we use ASP, or at least I hope we do. We don’t use Java, we use JavaScript. I’m not convinced that the developer behind this isn’t entirely clear on the difference.
Then we do a Response.Write to output a little JavaScript, but we have to talk about Response complain a little. In ASP .Net, you mainly receive yours HttpResponse as part of the event that triggered your response. The only reason you want to access HttpResponse through this long time System.Web.HttpContext.Current.Response gateway is because you are in a lower-level module that, for some reason, was not passed an HTTP response.
That’s a long-winded way of saying, “This is a code smell, and this function probably exists in a layer that shouldn’t mess with the HTTP response.”
Then, of course, we have the ALL CAPS HTML tag, followed by the JavaScript alert() call, aka, the worst a way to pop up notifications on a website.
Ugly, awful and foreshadows far worse choices in the overall application architecture. Gabe must have found…a wonderful treat.
[Advertisement]
Otter – Secure your servers automatically without the need to log into the command line. Get started today!