PDA

View Full Version : Something else we have to look out for...



cradom
03-24-2013, 10:22 AM
Hacking the <a> tag in 100 characters (http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html)
Running the latest version of Firefox I actually did end up at Paypal. Maybe they fixed it?

vansmith
03-24-2013, 11:44 PM
This is quite a novel concept - being able to control what happens when you click something is integral to programming with a UI. However, being able to define what happens in two places (the link tag and JS) is tricky when one is unknown to the user (in this case, the JS). Browsers really should have handled this ages ago but then again, handling the click event of a link can be really helpful.

cradom
03-25-2013, 05:22 AM
Seems like it's ripe with the possibility for misdeeds. Someone's going to try and take advantage of it before it's negated by browser fixes. So far I've only seen the news on one site. Wonder how well known it is?

vansmith
03-25-2013, 09:50 AM
The author seems to have contacted Mozilla and Google but not Apple. Opera seems to have corrected for this already.