Vuln Dev
Linkifier Plus executing JS? Feb 12 2007 08:37PM
John Richard Moser (nigelenki comcast net)
I'm using Linkifier Plus[1] and it keeps replacing 'undefined' with
'ftp://ftp.' anywhere it sees it. I am starting to wonder if there's
some way to get it to execute arbitrary Java Script, but I don't know
quite how to try to trick it; I would imagine all one word things like
alert('Luser!') would do it...

Anyway, thought that was interesting. Haven't probed into it deeper.

Linkifier Plus is built off Linkifier and Linkify Plus, so those may
also be affected...

[1] http://userscripts.org/scripts/show/6128

--
We will enslave their women, eat their children and rape their
cattle!
-- Bosc, Evil alien overlord from the fifth dimension
Anti-Spam: https://bugzilla.mozilla.org/show_bug.cgi?id=229686

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus