The Powder Toy

Integrating Javascript in posts

  • FeynmanLogomaker     3rd Jul 2013 Member 0 Permalink

    If it works, you should get an alert or have "test" printed to the console.


    <![CDATA[ print("test"); alert("OK, I\'m not sure if this worked, but if you saw this,\nit is possible to integrate Javascript into a forum post using the\nHTML editor. Just a suggestion."); ]]>

    EDIT: How come it won't let you do Javascript in the HTML editor?

  • jacob1     4th Jul 2013 Developer 0 Permalink
    uhh ... why should it let you use javascript? We don't want people to be making random alerts appear, or doing whatever else javascript allows

    The last time we got the new editor I think some exploit or something allowed javascript for a while, but it's not something we need, the forums are fine without it
  • boxmein     4th Jul 2013 Former Staff 0 Permalink
    Nobody should ever never ever be allowed to use Javascript in forum posts. The mere suggestion of that is brutish.
    Here's what I could do with Javascript:
    1. Grab your session key and POST it onto my own website.
    2. Add a subtle difference to the Feedback forums requiring you to post your Powder.pref along with your post.
    3. Running this everywhere on your post.
    4. Randomly redirecting you to goatse.
    5. pushstate locking your tab in. (nah apparently that's not a thing)
    6. Forwarding you to ANY site imaginable.
    7. Setting up a reverse shell - connecting to my server and then listening for any of my commands. WebSockets <3 (well there's the cross domain problem tho)
    8. Cutting inbetween your forum posts and rewriting them to anything I'd like.
    9. Editing any of your existing forum posts, potentially causing users to run malicious machine code.
    10. Doxxing you
    11. Crashing your browser (i dunno but it might happen)


    So please yes integrate javascript in posts. < 3
  • cyberdragon     4th Jul 2013 Member 0 Permalink

    BUT WAIT...THERE'S MORE!

     

    -opening backdoors to infected websites letting in viruses and hackers

    -sniff out your location (if you don't have it in profile)

    -detect your browser and determine a plan of attack (can java do that?)

    -cause random file downloads of anything

    -D...O...S (your browser)

    -Distributed...Denial...Of...Service (force you to participate)

    -I.P. sniffing

    -M.A.C. sniffing

     

    So, this is a must-have! ~:o

You need to login before you can post replies
Locked by jacob1: obviously no