View Full Version : Something else we have to look out for...

03-24-2013, 09:22 AM
Hacking the <a> tag in 100 characters (http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html)
Running the latest version of Firefox I actually did end up at Paypal. Maybe they fixed it?

03-24-2013, 10:44 PM
This is quite a novel concept - being able to control what happens when you click something is integral to programming with a UI. However, being able to define what happens in two places (the link tag and JS) is tricky when one is unknown to the user (in this case, the JS). Browsers really should have handled this ages ago but then again, handling the click event of a link can be really helpful.

03-25-2013, 04:22 AM
Seems like it's ripe with the possibility for misdeeds. Someone's going to try and take advantage of it before it's negated by browser fixes. So far I've only seen the news on one site. Wonder how well known it is?

03-25-2013, 08:50 AM
The author seems to have contacted Mozilla and Google but not Apple. Opera seems to have corrected for this already.