Wiki Edit: Don't copy+paste commands

4 respostas [Última entrada]
Joined: 07/17/2013

Hey everyone,

I made a small edit in our wiki, but I also thought it would be worth sharing here.
Copy+paste commands from a website can be exploited even if you have JS disabled. Please have a look at wiki page

If I did something wrong editing please let me know. Thanks and stay safe!

Joined: 01/04/2015

That first link points to a second link:
wherein "control-U" reveals the malicious code.

For the second example, simply highlight the text and right click;
in my Abrowser, there's a duckduckgo menu item presented which links
their search for the hidden code in the highlighted text:!%22&ia=web

Word about this risk is getting around!

Joined: 02/17/2016

That WYSINWYC link is a dead link.


I am a translator!

Joined: 07/27/2010

wow, the CSS exploit is so simple and yet fail-proof. Never thought of it myself, before seeing the article and the explanation...

The javascript exploit did not work on me in abrowser, I disabled libreJS and it still did not work after reloading the site multiple times.

But the CSS one is a really evil way of using stylesheets against the user... In a way it is hilarious.

Joined: 07/17/2013

Yes, there was a dead link on the already existing page. I didn't know if it would be OK for me to delete someone else's content, so I just added my own.

Yes, the CSS exploit is amazingly... amazing I guess lol.