[source lang="cpp"]
"/>
<style type="text/css">
div#trolol {
position: absolute;
left: 0;
top: 0;
width: 100%;
height: 100%;
background-color: rgba(255,128,0,0.5);
}
</style>
<script type="text/javascript">
function b() {
return confirm("You mad, bro?");
}
function a() {
var div = document.createElement("DIV");
div.setAttribute( "id", "trolol" );
div.onclick = b;
document.body.appendChild( div );
}
setTimeout( a, 5000 );
</script>
[/source]
[source lang="cpp"]
const char* str = "maybe two source boxes?";
[/source]
If nothing happens, then move along; nothing to see here.
<.<
>.>
Trying to reproduce what happened in this thread: http://www.gamedev.net/topic/626861-sdl-collision-issue/
Okay, THIS time, I got it.
Potential HTML/Javascript injection exploit with source tags (3)
I'm not sure what's supposed to happen... nothing happens (at least no confirm boxes appear) for me on OS X with Chrome or Safari. If you're talking about the contents of the source tags appearing at the top with junk, I reported the same thing awhile ago for the mobile version... let me check if it's fixed for mobile.
Ok, looks like your code messed up the javascript 'case I can't edit that post now. Yeah, that thing I reported still happens for mobile, and I'm assuming it's related to this.
Looks like any HTML-like tags are parsed out of the source box...
Yeah, that happened when we were discussing knackered code pastes... I'm not seeing the injection exploit though...
This topic is closed to new replies.
Advertisement
Popular Topics
Advertisement
