Author |
Message |
Registered: June 9, 2007 | Posts: 1,208 |
| Posted: | | | | edited by MarEll
____
See post after Ken's | | | Last edited: by MarEll |
|
Registered: March 14, 2007 | Posts: 273 |
| Posted: | | | | Doesn't work. Looks like the forum deletes certain stuff from the little script. You'll find a functioning version easily with Google though... |
|
Registered: June 9, 2007 | Posts: 1,208 |
| Posted: | | | | edited by MarEll | | | Last edited: by MarEll |
|
Registered: May 19, 2007 | Reputation: | Posts: 6,730 |
| Posted: | | | | That's the ability for Cross Site Scripting (CSS) which is considered to be a severe security leak.
Ken please take over!
EDIT: PM'ed Ken about this | | | It all seems so stupid, it makes me want to give up! But why should I give up, when it all seems so stupid?
Registrant since 05/22/2003 | | | Last edited: by Lewis_Prothero |
|
Registered: June 9, 2007 | Posts: 1,208 |
| Posted: | | | | So are you saying that my post is a security risk or just the fact there is a workaround? I'll edit my posts for now just in case. | | | Last edited: by MarEll |
|
Registered: March 10, 2007 | Posts: 4,282 |
| Posted: | | | | This is not cross site scripting (XSS). If it were possible to embed that code into the site (for instance into a forum message) and have it execute, that would be XSS.
This is harmless and the host of the current page has nothing to do with the results - it will work with any site that contains images. The code has to be pasted into the URL and runs on the client - the server is not involved. | | | Invelos Software, Inc. Representative |
|
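The distinction drawn in the post above, as an added example that is not part of the original thread and not the forum's own code: script text in a message is only a problem if the site renders it as markup or as a link target. This sketch shows a forum escaping post text and refusing `javascript:` links; the function names and sample inputs are hypothetical and constructed for illustration.

```javascript
// Added example: render user posts so pasted script text is displayed,
// never executed. All names below are hypothetical.

// Encode the characters that let text break out of HTML content or a
// quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Allow only absolute http(s) links in user content. A javascript: URL
// stored in an href would run in the site's origin when another visitor
// clicks it (the stored-XSS case), unlike a user pasting it into their
// own URL bar.
function isSafeLinkUrl(url) {
  try {
    // The URL parser lower-cases the scheme and ignores stray whitespace,
    // so mixed-case or padded schemes are still recognised.
    const scheme = new URL(String(url).trim()).protocol;
    return scheme === 'http:' || scheme === 'https:';
  } catch (e) {
    return false; // relative or unparsable input is rejected in this sketch
  }
}

// Build the HTML for one post; the optional link is dropped if unsafe.
function renderPost(author, body, linkUrl) {
  let html = '<div class="post"><b>' + escapeHtml(author) + '</b><p>' +
             escapeHtml(body) + '</p>';
  if (linkUrl !== undefined && isSafeLinkUrl(linkUrl)) {
    html += '<a rel="nofollow" href="' + escapeHtml(linkUrl) + '">link</a>';
  }
  return html + '</div>';
}

// Constructed sample posts: one with markup in the body, one with a
// javascript: link, one with an ordinary link.
const rendered = [
  renderPost('userA', 'try this: <script>A()</script>'),
  renderPost('userB', 'click here', ' JavaScript:void(0)'),
  renderPost('userC', 'docs', 'https://example.com/a?b=1&c=2'),
];
rendered.forEach((html) => console.log(html));
```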
Registered: June 9, 2007 | Posts: 1,208 |
| Posted: | | | | Thanks for the clarification, Ken.
This is going to be something of an anti-climax now but:
Pasting the below code into the url bar of your browser has a fairly cool effect:
javascript:R=0; x1=.1; y1=.05; x2=.25; y2=.24; x3=1.6; y3=.24; x4=300; y4=200; x5=300; y5=200; DI=document.getElementsByTagName("img"); DIL=DI.length; function A(){for(i=0; i-DIL; i++){DIS=DI[ i ].style; DIS.position='absolute'; DIS.left=(Math.sin(R*x1+i*x2+x3)*x4+x5)+"px"; DIS.top=(Math.cos(R*y1+i*y2+y3)*y4+y5)+"px"}R++}setInterval('A()',5); void(0); |
|
Registered: March 10, 2007 | Posts: 4,282 |
| Posted: | | | | Clarification: Although this particular script is harmless, it should go without saying that pasting strange scripts into your URL is not generally a good idea. | | | Invelos Software, Inc. Representative |
|
Registered: March 13, 2007 | Posts: 1,136 |
| Posted: | | | | Quoting MarEll: Quote: Thanks for the clarification, Ken.
This is going to be something of an anti-climax now but:
So it does - and not really an anti-climax | | | Signature? We don't need no stinking... hang on, this has been done... blast [oooh now in Widescreen] Ah... well you see.... I thought I'd say something more interesting... but cannot think of anything..... oh well And to those of you who have disabled viewing of these signature files "hello" (or not) Registered: July 27, 2004 |
|