Are scripts dangerous to sites/blogs?

[googleninja]

Hi I have a question... Someone bought an advertising on my blog. To be specific is 468X60 banner... Instead of the usual banner and link, he gave me a script to put to the ad spot. He said the script is an openx script... Is it just ok or can it harm/hack my blog?

[grumpyjacksa]

that depends on the actual script...

google adsense also runs off a script...javascript

so it depends on the composition of the script

[googleninja]

here's the script (hope its fine to post it here...)

<script type='text/javascript'><!--//<![CDATA[
var m3_u = (location.protocol=='https:'?'https://openx.wow-channel.com/www/delivery/ajs.php':'http://openx.wow-channel.com/www/delivery/ajs.php');
var m3_r = Math.floor(Math.random()*99999999999);
if (!document.MAX_used) document.MAX_used = ',';
document.write ("<scr"+"ipt type='text/javascript' src='"+m3_u);
document.write ("?zoneid=8");
document.write ('&amp;cb=' + m3_r);
if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
document.write ("&amp;loc=" + escape(window.location));
if (document.referrer) document.write ("&amp;referer=" + escape(document.referrer));
if (document.context) document.write ("&context=" + escape(document.context));
if (document.mmm_fo) document.write ("&amp;mmm_fo=1");
document.write ("'><\/scr"+"ipt>");
//]]>--></script><noscript><a href='http://openx.wow-channel.com/www/delivery/ck.php?n=a83ad2de&amp;cb=INSERT_RANDOM_NUMBER_HERE ' target='_blank'><img src='http://openx.wow-channel.com/www/delivery/avw.php?zoneid=8&amp;n=a83ad2de' border='0' alt='' /></a></noscript>

[Eric Lorence]

You do understand this banner can be switched around at will?

Which means it can changed to a banner for porn or whatever.

Hopefully you trust this person B4 adding it to your site.

[Myles Sinclair]

You need to take a look at the header area of your site. Random parts of this script are being displayed each time the page refreshes!

Hope this helps.

Myles

[googleninja]

oh my... I did not know that... I dont know the person because he just came from the contact form. Maybe I should not accept his offer right?

Thanks

[Eric Lorence]

Quote:

Originally Posted by googleninja

oh my... I did not know that... I dont know the person because he just came from the contact form. Maybe I should not accept his offer right?

Thanks

Yes, I would leave this alone.

Or tell them to use a pre-approved graphic banner and HTML link.

The bigger ad services are usually OK, but unknowns can be a problem.

The script itself is not a problem, but they will have complete control over the content.

[Myles Sinclair]

You have a line of code still remaining.

<p> if (document.MAX_used != ',') document.write ("&amp;exclude=" + document.MAX_used);
</p>

Get rid of this and you'll be fine.

Myles