Anybody using the image userscript, look at this!
[img]http://scratch.mit.edu/img/bg_button.png" onload="javascript:alert('rookwood101s image support script is not XSS secure, it is better to disable it!');" /><img src="[/img]
[i//mg]http://scratch.mit.edu/img/bg_button.png" onload="javascript:alert('rookwood101s image support script is not XSS secure, it is better to disable it!');" /><img src="[/i//\\mg]
Last edited by waveOSBeta (2012-01-08 11:00:44)
[img]http://scratch.mit.edu/img/bg_button.png" onload="javascript:alert('rookwood101s image support script is not XSS secure, it is better to disable it!');" /><img src="[/img]
Last edited by waveOSBeta (2012-01-08 11:00:23)
If you have antidote, rookwood101's browser extension that brings back forum images, those codes bring up dialog boxes.
Edit: However, I think rookwood101 fixed that bug because it might be a security vulnerability.
Last edited by zippynk (2012-01-08 11:12:23)
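The posts above trigger a dialog because the text between the [img] tags ends up inside an HTML attribute without escaping, so a double quote closes `src` early. The following is an added example, not rookwood101's userscript and not part of the thread: a naive converter (an assumption about how such a script might be built) beside a hardened one, with all function names hypothetical.

```javascript
// Added example: hypothetical helpers, not code from the userscript discussed above.

// Naive conversion (assumed shape): the URL is pasted into the attribute
// unescaped, so a double quote in the post ends the src attribute early.
function renderImgNaive(post) {
  return post.replace(/\[img\](.*?)\[\/img\]/gi, '<img src="$1" />');
}

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Accept only absolute http(s) URLs containing no quote, bracket or space.
function isSafeImageUrl(raw) {
  if (/["'<>\s`]/.test(raw)) return false;
  let url;
  try { url = new URL(raw); } catch (e) { return false; }
  return url.protocol === 'http:' || url.protocol === 'https:';
}

// Hardened conversion: escape all post text, and emit <img> only for tags
// whose URL passes validation; rejected tags stay visible as inert text.
function renderImgSafe(post) {
  const out = [];
  const re = /\[img\](.*?)\[\/img\]/gi;
  let last = 0;
  let m;
  while ((m = re.exec(post)) !== null) {
    out.push(escapeHtml(post.slice(last, m.index)));
    out.push(isSafeImageUrl(m[1])
      ? '<img src="' + escapeHtml(m[1]) + '" alt="" />'
      : escapeHtml(m[0]));
    last = re.lastIndex;
  }
  out.push(escapeHtml(post.slice(last)));
  return out.join('');
}
```

Inside a browser extension, building the element with `document.createElement('img')` and assigning the validated URL to `src` avoids HTML string assembly altogether.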