overview
This is an automated generator of nice graphical schedules for UT Austin students. Note: This process involves running untrusted scripts on a page that contains sensitive information. I assure you that I am not stealing your information or doing anything malicious, but if you would like to make an informed decision instead of just taking my word for it, please read the note on security below.
how to use
- Bookmark this link: generate schedule
- Go to the "Current Course Schedule" page of UT Direct
- Click the bookmark that you just made -- you should be redirected to a nice graphical representation of your schedule.
note on security
javascript, cookies, and the same-origin policy
The above link/bookmarklet contains Javascript code that is executed by your browser when you click on it. Modern browsers, in an attempt to foil cross-site-scripting (XSS) attacks, implement a "same-origin policy" (wikipedia) for scripts - essentially, a script may only read (potentially sensitive) information belonging to pages from the same source it was loaded from. However, when you type a javascript: URL into the URL bar (which is effectively what happens when you click the bookmark), the browser assumes that you know what you are doing and lets your script fragment access everything that scripts from the same origin as the webpage can. Cookies, persistent bits of site-specific data manipulated by scripts, are one of the things that fall under the heading of "information" in the same-origin policy. Many sites (including UT Direct, I believe) use cookies to store login information -- this is what allows you to remain logged in even while your UT Direct tab (or even your browser) is closed, so that you needn't re-type your password when you open the page up again. Essentially, once you type your password in once, the login cookie identifies you (for a certain time) -- so anyone else, as long as they had your login cookie, could impersonate you.
a cookie-stealing attack
When you click on the bookmark, you are (in effect) throwing away the protection in your browser against the following attack, known as a "cookie-stealing attack" (wikipedia), which works as follows:
- An attacker writes malicious Javascript, and somehow tricks you / your browser into running it
- This code then accesses your cookie through the variable document.cookie
- Your cookie is then sent to the attacker
- Now, all the attacker needs to do is set their utexas.edu cookie to yours, and they can impersonate you on that domain
(You can see what this variable holds yourself: type javascript:alert(document.cookie) into your URL bar (while on a page from the utexas.edu domain) and press enter.)
In order to check that such an attack is not being performed, it is sufficient to read only the Javascript code in the bookmarklet, because it is only this code that runs with access to information belonging to the utexas.edu domain. In order to be absolutely sure, you should check the actual link above, but the same code is reproduced here in more readable form (// marks the rest of the line as a comment):
javascript:( //Tell the browser to interpret the rest of the "URL" as Javascript to execute
window.location = //Go to the URL we're about to build
'http://fazzone.github.com/schedule.html?q=' //the URL of the schedule page. ? means the rest of the URL represents parameters
+ document.getElementsByTagName('table')[0] //Get all the <table>s on the page, and select the schedule table (the first one; index 0)
.innerHTML //ask for the HTML code inside this table
.replace(/\n/gm,'').replace(/\s+/gm, ' ').replace(/ href...*?\>/g, '>')) //Remove unnecessary bits from the HTML
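As an added example (not part of the original page or the schedule project), the check described above can also be done mechanically: the Node.js script below decodes a javascript: URL, lists any sensitive browser APIs the code names, and lists every host it could send page data to. The input is the bookmarklet from this page with its comments shortened; the function names are my own.

```javascript
// Added example: audit a bookmarklet for cookie access and outbound hosts.
// Heuristic string matching only; it is an aid to reading the code, not a proof.

// The bookmarklet reproduced on this page (comments shortened), kept raw so
// the regex escapes survive as written.
const PAGE_BOOKMARKLET = String.raw`javascript:(
window.location = // Go to the URL we're about to build
'http://fazzone.github.com/schedule.html?q=' // the schedule page
+ document.getElementsByTagName('table')[0] // first <table> on the page
.innerHTML
.replace(/\n/gm,'').replace(/\s+/gm, ' ').replace(/ href...*?\>/g, '>'))`;

// APIs that read private page data or can move it off the page.
const SENSITIVE_APIS = [
  'document.cookie', 'localStorage', 'sessionStorage', 'XMLHttpRequest',
  'fetch(', 'new Image', 'eval(', 'Function(', 'document.write',
];

// Turn a javascript: URL into readable source. Percent-decoding is attempted
// because bookmarklets are often stored URL-encoded; // comments are stripped,
// except the // inside http:// and https://, which is preceded by a colon.
function decodeBookmarklet(url) {
  const trimmed = url.trim();
  if (!/^javascript:/i.test(trimmed)) throw new Error('not a javascript: URL');
  let src = trimmed.slice('javascript:'.length);
  try { src = decodeURIComponent(src); } catch (e) { /* not encoded: keep raw */ }
  return src.replace(/(^|[^:])\/\/[^\n]*/g, '$1');
}

// Report which sensitive APIs appear and which hosts are named in the code.
// For the page's bookmarklet this should be no APIs and only fazzone.github.com.
function auditBookmarklet(url) {
  const src = decodeBookmarklet(url);
  const apis = SENSITIVE_APIS.filter((api) => src.includes(api));
  const hosts = [...src.matchAll(/https?:\/\/([^/'"\s]+)/g)].map((m) => m[1]);
  return { apis, hosts: [...new Set(hosts)] };
}

console.log(auditBookmarklet(PAGE_BOOKMARKLET));
// The alert one-liner from the "cookie-stealing attack" section, for contrast:
console.log(auditBookmarklet('javascript:alert(document.cookie)'));
```

If the report for a bookmarklet you did not write names document.cookie, or a host you do not recognise, read that part of the code before clicking it.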
if it doesn't work
This has only been tested on a fairly small sample of schedules, so it's quite likely there are a multitude of bugs. I would expect it to work in current versions of Chrome and Firefox, but I do not have much hope for even current versions of Internet Explorer. If you encounter a bug, or you believe the output is incorrect (not consistent with your schedule as described by the table in the "Current Course Schedule" page), please copy the contents of your URL bar and send it to me at rmcq@utexas.edu.
for the programmers in the audience
implementation notes
- The bookmarklet code, which extracts the HTML code of your schedule-table
- The actual parsing and rendering logic, which does everything else
hacking
- Internet Explorer compatibility: IE supports Canvas, so what gives?
- Customization page with options to set class names, colors, etc.
- Is the "convert to PNG" button good, or can it be improved?
- What other things can go in the "controls" section?
- Syntax highlighting for the Javascript on this page
- Code style/general: I hacked this together pretty quick in an unfamiliar language, so if you know any ways to refactor it to be cleaner / clearer / more idiomatic, please let me know!
- It would be pretty cool if it integrated with the Google Calendar API and automatically entered all your classes into your Google calendar for you or something