Vulnerability Development mailing list archives
Linkifier Plus executing JS?
From: John Richard Moser <nigelenki () comcast net>
Date: Mon, 12 Feb 2007 15:37:46 -0500
I'm using Linkifier Plus[1] and it keeps replacing 'undefined' with 'ftp://ftp.' anywhere it sees it. I am starting to wonder if there's some way to get it to execute arbitrary Java Script, but I don't know quite how to try to trick it; I would imagine all one word things like alert('Luser!') would do it... Anyway, thought that was interesting. Haven't probed into it deeper. Linkifier Plus is built off Linkifier and Linkify Plus, so those may also be affected... [1] http://userscripts.org/scripts/show/6128 -- We will enslave their women, eat their children and rape their cattle! -- Bosc, Evil alien overlord from the fifth dimension Anti-Spam: https://bugzilla.mozilla.org/show_bug.cgi?id=229686
Current thread:
- Linkifier Plus executing JS? John Richard Moser (Feb 12)