Removed space from " webgoat" directory name

git-svn-id: http://webgoat.googlecode.com/svn/trunk@272 4033779f-a91e-0410-96ef-6bf7bf53c507
mayhew64
2008-01-12 17:42:01 +00:00
parent 280b46029b
commit 72c18c5426
917 changed files with 0 additions and 0 deletions


@ -0,0 +1,5 @@
function displayGreeting(name) {
if (name != ''){
document.getElementById("greeting").innerHTML="Hello, " + name+ "!";
}
}
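Review bot: `displayGreeting` assigns `"Hello, " + name + "!"` to `innerHTML` without encoding, so any markup in `name` is parsed by the browser (DOM-based XSS); the identical copy in the next file section has the same sink. Given the commit title this is probably deliberate WebGoat lesson material, and a later section of this commit wraps `name` in `escapeHTML()`. If the unescaped form is intentional, a header comment such as `// Intentionally vulnerable: lesson demonstrates DOM XSS via innerHTML; do not reuse` would keep it from being copied as a pattern. Otherwise use `document.getElementById("greeting").textContent = "Hello, " + name + "!";`.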


@ -0,0 +1,5 @@
function displayGreeting(name) {
if (name != ''){
document.getElementById("greeting").innerHTML="Hello, " + name+ "!";
}
}


@ -0,0 +1,64 @@
var dataFetched = false;
function selectUser(){
var newEmployeeID = document.getElementById("UserSelect").options[document.getElementById("UserSelect").selectedIndex].value;
document.getElementById("employeeRecord").innerHTML = document.getElementById(newEmployeeID).innerHTML;
}
function fetchUserData(){
if(!dataFetched){
dataFetched = true;
ajaxFunction(document.getElementById("userID").value);
}
}
function ajaxFunction(userId)
{
var xmlHttp;
try
{
// Firefox, Opera 8.0+, Safari
xmlHttp=new XMLHttpRequest();
}
catch (e)
{
// Internet Explorer
try
{
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
try
{
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
}
catch (e)
{
alert("Your browser does not support AJAX!");
return false;
}
}
}
xmlHttp.onreadystatechange=function()
{
var result = xmlHttp.responseText;
if(xmlHttp.readyState==4)
{
document.getElementById("hiddenEmployeeRecords").innerHTML=result;
}
}
xmlHttp.open("GET","lessons/Ajax/clientSideFiltering.jsp?userId=" + userId,true);
xmlHttp.send(null);
}
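Review bot: `ajaxFunction` appends `userId` to the query string unencoded, so a value containing `&`, `#` or `=` changes the request that is actually sent; `"lessons/Ajax/clientSideFiltering.jsp?userId=" + encodeURIComponent(userId)` closes that. The response is written to `hiddenEmployeeRecords` through `innerHTML`, and `selectUser` only picks which already-delivered record to display, so everything the server returns is readable in the browser regardless of the selection. Access filtering therefore has to happen in the JSP, not here; presumably that is the point of the lesson, and a comment saying so would help. Minor: `xmlHttp.responseText` is read before the `readyState==4` check and can move inside it.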


@ -0,0 +1,113 @@
var coupons = ["nvojubmq",
"emph",
"sfwmjt",
"faopsc",
"fopttfsq",
"pxuttfsq"];
function isValidCoupon(coupon) {
coupon = coupon.toUpperCase();
for(var i=0; i<coupons.length; i++) {
decrypted = decrypt(coupons[i]);
if(coupon == decrypted){
ajaxFunction(coupon);
return true;
}
}
return false;
}
function decrypt(code){
code = code.toUpperCase();
alpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
caesar = '';
for (i = code.length ;i >= 0;i--){
for (j = 0;j<alpha.length;j++){
if(code.charAt(i) == alpha.charAt(j)){
caesar = caesar + alpha.charAt((j+(alpha.length-1))%alpha.length);
}
}
}
return caesar;
}
function ajaxFunction(coupon)
{
var xmlHttp;
try
{
// Firefox, Opera 8.0+, Safari
xmlHttp=new XMLHttpRequest();
}
catch (e)
{
// Internet Explorer
try
{
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
try
{
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
}
catch (e)
{
alert("Your browser does not support AJAX!");
return false;
}
}
}
xmlHttp.onreadystatechange=function()
{
if(xmlHttp.readyState==4)
{
document.form.GRANDTOT.value = document.form.SUBTOT.value * xmlHttp.responseText;
document.form.GRANDTOT.value = dollarRound(document.form.GRANDTOT.value);
}
}
xmlHttp.open("GET","lessons/Ajax/clientSideValidation.jsp?coupon=" + coupon,true);
xmlHttp.send(null);
}
function updateTotals(){
f = document.form;
f.TOT1.value = dollarRound(f.QTY1.value * f.PRC1.value);
f.TOT2.value = dollarRound(f.QTY2.value * f.PRC2.value);
f.TOT3.value = dollarRound(f.QTY3.value * f.PRC3.value);
f.TOT4.value = dollarRound(f.QTY4.value * f.PRC4.value);
f.SUBTOT.value = dollarRound(parseFloat(f.TOT1.value) + parseFloat(f.TOT2.value) + parseFloat(f.TOT3.value) + parseFloat(f.TOT4.value));
f.GRANDTOT.value = f.SUBTOT.value;
isValidCoupon(f.field1.value);
}
function calcTot( price, qty){
return parseInt(qty * price *100)/100;
}
function dollarRound(price){
return parseInt(price *100)/100;
}
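Review bot: The `coupons` array ships every valid code to the browser, and `decrypt` is only a one-letter alphabet shift read in reverse order, so the list has no confidentiality; `isValidCoupon` and the `GRANDTOT` computed in the `onreadystatechange` handler are likewise under the client's control. The server must re-validate the coupon and recompute the total from its own prices rather than trust submitted form fields; if this is the lesson's intended flaw, a comment above `coupons` should say so. Separately, `decrypted`, `alpha`, `caesar`, `i`, `j` and `f` are assigned without `var` and become globals. `dollarRound` truncates instead of rounding (`parseInt(price *100)/100`), which can drop a cent on values that are not exact in binary floating point; `Math.round(price * 100) / 100` avoids that.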


@ -0,0 +1,6 @@
function escapeHTML (str) {
var div = document.createElement('div');
var text = document.createTextNode(str);
div.appendChild(text);
return div.innerHTML;
}
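Review bot: `escapeHTML` has no comment stating which output context it is safe for. Serialising a text node through `div.innerHTML` encodes `&`, `<` and `>` but leaves `"` and `'` untouched, which is adequate for element content (as in the escaped `displayGreeting` later in this commit) but not for a value placed inside an HTML attribute or a script block. I would add `// Encodes &, < and > for HTML element content only; quotes are not encoded, so do not use for attribute values.` above the function. The same function is duplicated in the section that defines the escaped `displayGreeting`, and the comment applies there too.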


@ -0,0 +1,62 @@
var http_request = false;
function makeXHR(method, url, parameters) {
//alert('url: ' + url + ' parameters: ' + parameters);
http_request = false;
if (window.XMLHttpRequest) { // Mozilla, Safari,...
http_request = new XMLHttpRequest();
if (http_request.overrideMimeType) {
http_request.overrideMimeType('text/html');
}
} else if (window.ActiveXObject) { // IE
try {
http_request = new ActiveXObject("Msxml2.XMLHTTP");
} catch (e) {
try {
http_request = new ActiveXObject("Microsoft.XMLHTTP");
} catch (e) {}
}
}
if (!http_request) {
alert('Cannot create XMLHTTP instance');
return false;
}
// http_request.onreadystatechange = alertContents;
http_request.open(method, url, true);
http_request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
http_request.setRequestHeader("Content-length", parameters.length);
http_request.setRequestHeader("Connection", "close");
http_request.onreadystatechange = function() {
if(http_request.readyState == 4) {
var status = http_request.status;
var responseText = http_request.responseText;
//alert('status: ' + status);
//alert('responseText: ' + responseText);
eval(http_request.responseText);
if(responseText.indexOf("');") != -1
&& responseText.indexOf("alert") != -1
&& responseText.indexOf("document.cookie") != -1){
document.form.submit();
}
}
};
http_request.send(parameters);
}
function purchase(url) {
var field1 = document.form.field1.value;
var field2 = document.form.field2.value;
//alert('field1: ' + field1 + ' field2: ' + field2);
var parameters = 'field1=' + field1 + '&field2=' + field2;
makeXHR('POST', url, parameters);
}
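Review bot: `makeXHR` passes `http_request.responseText` straight to `eval`, so anything the endpoint reflects back runs as script in the page. Because `purchase` builds `parameters` from `field1` and `field2` without `encodeURIComponent`, user input both reshapes the POST body and, if echoed by the server, reaches that `eval`. The checks for `alert` and `document.cookie` right after it suggest this is a deliberate lesson sink; if so it deserves an explicit `// Intentionally vulnerable: lesson sink, do not reuse` comment, and otherwise the response should be parsed as data (for example with `JSON.parse`) rather than evaluated. Also, `Content-length` and `Connection` are headers the browser sets itself and scripts are not permitted to override, so those two `setRequestHeader` calls can be dropped.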


@ -0,0 +1,13 @@
function displayGreeting(name) {
if (name != ''){
document.getElementById("greeting").innerHTML="Hello, " + escapeHTML(name) + "!";
}
}
function escapeHTML (str) {
var div = document.createElement('div');
var text = document.createTextNode(str);
div.appendChild(text);
return div.innerHTML;
}


@ -0,0 +1,6 @@
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);


@ -0,0 +1,59 @@
// Logout and Help Swap Image
function MM_reloadPage(init) { //reloads the window if Nav4 resized
if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
function MM_swapImgRestore() { //v3.0
var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i++) x.src=x.oSrc;
}
function MM_swapImage() { //v3.0
var i,j=0,x,a=MM_swapImage.arguments; document.MM_sr=new Array; for(i=0;i<(a.length-2);i+=3)
if ((x=MM_findObj(a[i]))!=null){document.MM_sr[j++]=x; if(!x.oSrc) x.oSrc=x.src; x.src=a[i+2];}
}
// Lesson Nav bar image swapping
function MM_preloadImages() { //v3.0
var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array();
var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++)
if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}}
}
function MM_nbGroup(event, grpName) { //v6.0
var i,img,nbArr,args=MM_nbGroup.arguments;
if (event == "init" && args.length > 2) {
if ((img = MM_findObj(args[2])) != null && !img.MM_init) {
img.MM_init = true; img.MM_up = args[3]; img.MM_dn = img.src;
if ((nbArr = document[grpName]) == null) nbArr = document[grpName] = new Array();
nbArr[nbArr.length] = img;
for (i=4; i < args.length-1; i+=2) if ((img = MM_findObj(args[i])) != null) {
if (!img.MM_up) img.MM_up = img.src;
img.src = img.MM_dn = args[i+1];
nbArr[nbArr.length] = img;
} }
} else if (event == "over") {
document.MM_nbOver = nbArr = new Array();
for (i=1; i < args.length-1; i+=3) if ((img = MM_findObj(args[i])) != null) {
if (!img.MM_up) img.MM_up = img.src;
img.src = (img.MM_dn && args[i+2]) ? args[i+2] : ((args[i+1])? args[i+1] : img.MM_up);
nbArr[nbArr.length] = img;
}
} else if (event == "out" ) {
for (i=0; i < document.MM_nbOver.length; i++) {
img = document.MM_nbOver[i]; img.src = (img.MM_dn) ? img.MM_dn : img.MM_up; }
} else if (event == "down") {
nbArr = document[grpName];
if (nbArr)
for (i=0; i < nbArr.length; i++) { img=nbArr[i]; img.src = img.MM_up; img.MM_dn = 0; }
document[grpName] = nbArr = new Array();
for (i=2; i < args.length-1; i+=2) if ((img = MM_findObj(args[i])) != null) {
if (!img.MM_up) img.MM_up = img.src;
img.src = img.MM_dn = (args[i+1])? args[i+1] : img.MM_up;
nbArr[nbArr.length] = img;
} }
}


@ -0,0 +1,7 @@
function makeWindow(url, windowName)
{
day = new Date();
id = day.getTime();
eval("page" + id + " = window.open(url, '" + id + "', 'toolbar=0,location=0,scrollbars=1,statusbar=0,menubar=0,resizable=1,width=600,height=500');");
}
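Review bot: The `eval` in `makeWindow` is unnecessary: it only creates a global named `page<timestamp>`, and string-built code is a habit worth avoiding even though `url` is referenced by name here rather than concatenated into the evaluated string. `window["page" + id] = window.open(url, "" + id, features);`, with `features` holding the existing feature string, does the same without `eval`. `day` and `id` are missing `var` and leak into the global scope, and the `windowName` parameter is never used.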


@ -0,0 +1,140 @@
function MM_findObj(n, d) {
var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) {
d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);}
if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n];
for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document);
if(!x && d.getElementById) x=d.getElementById(n); return x;
}
function getHW(t,a) {
var r,p,h=0,w=0;if((p=MM_findObj(a)) !=null){
if(document.all || document.getElementById){h=parseInt(p.offsetHeight);w=parseInt(p.offsetWidth);
if(!h){h=parseInt(p.style.pixelHeight);w=parseInt(p.style.pixelWidth);}
}else if(document.layers){h=parseInt(p.clip.height);w=parseInt(p.clip.width);}}
if(t=="width"){r=w;}else{r=h;}return r;
}
function MM1dwt() {
var g,lh,sw,fr = false;
if(!document.mc)return;
for(var x=0;x<m1.length;x++){tl=m1[x].id;lh="P7CM1DWT0"+tl;
if((g=MM_findObj(lh)) !=null){fr=true;sw=0;break;}
lh="P7CM1DWT1"+tl;if((g=MM_findObj(lh)) !=null){fr=true;sw=1;break;}}
if(fr){eval("trigMenuMagic1('"+tl+"',"+sw+")");}
}
function setMenuMagic1() {
var s,d,g,g2,gg,ww,kx,th,tu,ts,nu,xx,k=0,pa=0;args=setMenuMagic1.arguments;
if((parseInt(navigator.appVersion)>4 || navigator.userAgent.indexOf("MSIE")>-1)&& navigator.userAgent.indexOf("Opera")==-1){pa="px";}
if(navigator.userAgent.indexOf("Opera")>-1){P7OperaW=window.innerWidth;P7OperaH=window.innerHeight;}
if(!document.mc) { m3=new Array();
m=new Array();document.mc=true;ms=new Array();document.imswap=new Array();document.imswapo=new Array();
m1=new Array();m2=new Array();mprop=new Object();mprop.offset=args[0];mprop.rate=args[1];
mprop.delay=args[2];mprop.bottom=args[3];
if(document.layers){mprop.pageh = document.height;}}
for(var x=4;x<args.length;x+=3){if((g=MM_findObj(args[x])) !=null){
m[k]=args[x];g.imname=args[x+2];g.sub=args[x+1];m3[k]=0;
g2=MM_findObj(args[x+2]);tu=g2.src;ts=tu.lastIndexOf(".");
nu=tu.substring(0,ts)+"_open"+tu.substring(ts,tu.length);
nu2=tu.substring(0,ts)+"_over"+tu.substring(ts,tu.length);
document.imswap[k]=new Image();document.imswap[k].src=tu;
document.imswapo[k]=new Image();document.imswapo[k].src=tu;k++;}}
var lf=0;for (var j=0;j<m.length;j++){
if((g=MM_findObj(m[j])) !=null){d=(document.layers)?g:g.style;m1[j]=g;g.waiting=false;
if(j==0){lf=parseInt(d.left);th=parseInt(d.top);}
if(j>0){d.left=(lf+pa);th+=getHW('height',m[j-1]);d.top=(th+pa);}
if((s=MM_findObj(g.sub)) !=null){m2[j]=s;ww=getHW('width',g.sub);
kx=lf-ww-30;dd=(document.layers)?s:s.style;
dd.left=(kx+pa);dd.top=(th+pa);ms[j]=th;dd.visibility="visible";s.open=false;s.waiting=false;}}}
if((g=MM_findObj(mprop.bottom)) !=null){d=(document.layers)?g:g.style;
d.left=(lf+parseInt(args[0])+pa);th+=getHW('height',m[m.length-1]);d.top=(th+pa);}
}
function BM1(el,x,y,a,b,c,s) {
var g,elo=el,f="",m=false,d="";x=parseInt(x);y=parseInt(y);
var t = 'g.BM = setTimeout("BM1(\''+elo+'\',';
if ((g=MM_findObj(el))!=null) {d=(document.layers)?g:g.style;}else{return;}
var xx=(parseInt(d.left))?parseInt(d.left):0;
var yy=(parseInt(d.top))?parseInt(d.top):0;
var i=parseInt(a);
if (eval(g.moved)){clearTimeout(g.BM);}
if (xx<x){xx+=i;m=true;if(xx>x){xx=x;}}
if (xx>x){xx-=i;m=true;if(xx<x){xx=x;}}
if (yy<y){yy+=i;m=true;if(yy>y){yy=y;}}
if (yy>y){yy-=i;m=true;if(yy<y){yy=y;}}
if (m) {
if((parseInt(navigator.appVersion)>4 || navigator.userAgent.indexOf("MSIE")>-1)&& navigator.userAgent.indexOf("Opera")==-1){
xx+="px";yy+="px";}d.left=xx;d.top=yy;g.moved=true;eval(t+x+','+y+','+a+','+b+','+c+',0)",'+b+')');
}else {g.moved=false;wait(elo);}
}
function wait(a) {
var ma,mb;if((mb=MM_findObj(a)) !=null){
if(!mb.waiting || mb.waiting=="none"){return;}
ma=mb.waiting;mb.waiting=false;eval(ma);}
}
function trigMenuMagic1(a,sw) {
var x,g,gg,d,dd,w,lp,tp,im,im2,ts,nu,e,pa=0;if(!document.mc)return;
if((parseInt(navigator.appVersion)>4 || navigator.userAgent.indexOf("MSIE")>-1)&& navigator.userAgent.indexOf("Opera")==-1){pa="px";}
if(navigator.userAgent.indexOf("Opera")>-1){if( P7OperaW!=window.innerWidth || P7OperaH!=window.innerHeight)setMenuMagic1();}
var ofs=parseInt(mprop.offset),trt = parseInt(mprop.rate);
var tdy=parseInt(mprop.delay),tsb,tlf,tst;for(x=0;x<m.length;x++){
if(m[x]==a){d=m1[x];dd=(document.layers)?d:d.style;g=m2[x];gg=(document.layers)?g:g.style;
e=MM_findObj(d.imname);im=e.src;ts=im.replace("_open","");ts=ts.replace("_over","");
if(!g.open){tst="closed";im2=ts.lastIndexOf(".");
nu=ts.substring(0,im2)+"_open"+ts.substring(im2,ts.length);ts = nu;}else{tst="open"}break;}}
if(document.mm1Q){trt=20000;document.mm1Q=false;}
for(j=0;j<m.length;j++){
d=m1[j];dd=(document.layers)?d:d.style;g=m2[j];gg=(document.layers)?g:g.style;
if(j==0){tlf=parseInt(dd.left);}if(g.open){
w=getHW('width',d.sub)+30;w-=parseInt(dd.left);w*=-1;d.waiting=false;
eval("BM1('"+d.sub+"',"+w+","+parseInt(gg.top)+","+20000+","+tdy+",0,0)");}
d.waiting=false;g.open=false;
if(parseInt(sw)==1){e=MM_findObj(d.imname);im=e.src;im2=im.replace("_open","");e.src=im2;}}
var tnt=new Array();var df=0,tcd=0,tdl=m[0];for(j=0;j<m.length;j++){
d=m1[j];dd=(document.layers)?d:d.style;g=m2[j];gg=(document.layers)?g:g.style;
if(j==0){th=parseInt(dd.top);}tnt[j]=th;df=Math.abs(parseInt(dd.top)-th);
if(df>tcd){tdl=m[j];tcd=df;}th+=getHW('height',m[j]);
if(x==j && tst=="closed"){tsb=th;if(m3[j]!=1){th+=getHW('height',d.sub);}}ms[j]=th;}
if(tst=="closed"){d=m1[x];dd=(document.layers)?d:d.style;
g=m2[x];gg=(document.layers)?g:g.style;lp=tlf+ofs;
gg.top=(tsb+pa);ms[x]=tsb;e=MM_findObj(d.imname);if(parseInt(sw)==1){e.src=ts;}
g.open=true;if(m3[x]!=1){gg.visibility="visible";var r;r=MM_findObj(tdl);
r.waiting="BM1('"+d.sub+"',"+lp+","+tsb+","+20000+","+tdy+",0,0)" ;}
}else{d=m1[m1.length-1];d.waiting="none";}
for(j=0;j<m.length;j++ ){eval("BM1('"+m[j]+"',"+tlf+","+tnt[j]+","+trt+","+tdy+",0,0)");}
if((g=MM_findObj(mprop.bottom)) !=null){d=(document.layers)?g:g.style;g.waiting=false;
eval("BM1('"+mprop.bottom+"',"+(tlf+ofs)+","+th+","+trt+","+tdy+",0,0)");
th+=(document.layers)?getHW('height',mprop.bottom):0;}
if(document.layers){var tw2=document.width;
if(document.height<th) {document.height=th;document.width=tw2;}}
}
function rollCMenu1(ev,a,b) {
var e,im,ts,j,nu,g,x,tev=ev.type;
if(!document.mc)return;
if(tev=="mouseover"){for(x=0;x<m.length;x++){
if(m[x]==a){g=m2[x];if(parseInt(b)==0 && g.open) {break;return;}
e=MM_findObj(m1[x].imname);im=e.src;ts=im.replace("_open","");
ts=ts.replace("_over","");j=ts.lastIndexOf(".");
e.src=ts.substring(0,j)+"_over"+ts.substring(j,ts.length);break;}}
}else if(tev=="mouseout"){for(x=0;x<m.length;x++){
if(m[x]==a){e=MM_findObj(d=m1[x].imname);im=e.src;
g=m2[x];ts=im.replace("_open","");ts=ts.replace("_over","");
if(g.open){j=ts.lastIndexOf(".");
nu=ts.substring(0,j)+"_open"+ts.substring(j,ts.length);
}else{nu=ts;}e.src=nu;break;}}}
}
function trigMM1url(param,opt){
var ur,x,i,nv,mn,pr=new Array();
ur=document.URL;x=ur.indexOf("?");
if(x>1){pr=ur.substring(x+1,ur.length).split("&");
for(i=0;i<pr.length;i++){nv=pr[i].split("=");
if(nv.length>0){if(unescape(nv[0])==param){
mn="menu"+unescape(nv[1]);
eval("trigMenuMagic1('"+mn+"',"+opt+")");}}}}
}
document.mm1Q=true;
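Review bot: `trigMM1url` takes a query-string value from `document.URL`, runs it through `unescape`, and concatenates it into the string given to `eval("trigMenuMagic1('"+mn+"',"+opt+")")`, so the page URL can influence code that is evaluated. Calling the function directly, `trigMenuMagic1(mn, opt);`, removes that sink with no change for legitimate menu names. The `eval("trigMenuMagic1(...)")` in `MM1dwt` and the `eval("BM1(...)")` calls in `trigMenuMagic1` can be turned into direct calls the same way. This section looks like third-party menu code, so the change may need to be recorded as a local patch.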


@ -0,0 +1,101 @@
function submitXHR(){
document.getElementById("responseTitle").innerHTML="Response: ";
document.getElementById("responseArea").innerHTML="";
alert("creating XHR request for: " + document.getElementById("requestedURL").value);
try{
ajaxFunction();
}
catch(err){
alert(err);
document.getElementById("requestedURL").value="";
}
}
function ajaxFunction()
{
var xmlHttp;
try
{
// Firefox, Opera 8.0+, Safari
xmlHttp=new XMLHttpRequest();
}
catch (e)
{
// Internet Explorer
try
{
xmlHttp=new ActiveXObject("Msxml2.XMLHTTP");
}
catch (e)
{
try
{
xmlHttp=new ActiveXObject("Microsoft.XMLHTTP");
}
catch (e)
{
alert("Your browser does not support AJAX!");
return false;
}
}
}
xmlHttp.onreadystatechange=function()
{
var result = xmlHttp.responseText;
if(xmlHttp.readyState==4)
{
document.getElementById("responseTitle").innerHTML="Response from: "
+ document.getElementById("requestedURL").value ;
document.getElementById("responseArea").innerHTML=result;
document.getElementById("requestedURL").value="";
}
}
xmlHttp.open("GET",document.getElementById("requestedURL").value,true);
xmlHttp.send(null);
}
function populate(url){
document.getElementById("requestedURL").value=url;
submitXHR();
var webGoatURL = "lessons/Ajax/sameOrigin.jsp";
var googleURL = "http://www.google.com/search?q=aspect+security";
var hiddenWGStatus = document.getElementById("hiddenWGStatus");
var hiddenGoogleStatus = document.getElementById("hiddenGoogleStatus");
if (url == webGoatURL){
hiddenWGStatus.value = 1;
}
if (url == googleURL){
hiddenGoogleStatus.value = 1;
}
if (hiddenWGStatus.value == 1 && hiddenGoogleStatus.value == 1){
document.form.submit();
}
}
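Review bot: In the `onreadystatechange` handler of `ajaxFunction`, both `responseTitle` and `responseArea` are filled through `innerHTML`, the first with the raw contents of the `requestedURL` field and the second with the whole response body, so markup from either is parsed in the lesson page. If rendering the response is intended for the demonstration, the title at least should be set as text: `document.getElementById("responseTitle").textContent = "Response from: " + requestedUrl;`, with `requestedUrl` captured before `send` instead of re-read from the field when the response arrives. As in the other Ajax sections, `xmlHttp.responseText` is read before the `readyState==4` check and can move inside it.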


@ -0,0 +1,40 @@
var iframe;
function initIframe() {
var body;
var element;
body = document.getElementsByTagName('body')[0];
element = document.getElementById('lessonPlans');
iframe = document.createElement('iframe');
iframe.style.position = "absolute";
iframe.style.visibility = "hidden";
body.appendChild(iframe);
// Configure the iFrame to border the lessonPlan
document.getElementsByTagName('body')[0].appendChild(element);
iframe.style.height = element.offsetHeight;
iframe.style.left = '275px';
iframe.style.top = '145px';
iframe.style.width = '474px';
}
function toggle(id) {
element = document.getElementById(id);
if (!element) return;
if (element.style.visibility=='visible' || element.style.visibility=='') {
iframe.style.visibility = 'hidden';
element.style.visibility = 'hidden';
element.style.overflow = 'hidden';
element.style.height='1';
} else {
iframe.style.visibility= 'visible';
element.style.visibility = 'visible';
element.style.overflow = 'visible';
element.style.height='';
}
}