ReadLaterByEmail/webextensions
1
1
Fork 0
Code Issues 4 Pull Requests Releases Wiki Activity

Reprendre la gestion des extraits #1

New Issue
Open
opened 2018-10-23 14:22:49 +02:00 by Shikiryu · 1 comment
Shikiryu commented 2018-10-23 14:22:49 +02:00
Owner
Copy Link

Le code précédent :

if(typeof(jQuery)!="function"){
	var n = document.createElement("script");
	n.setAttribute("src","//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js");
	document.getElementsByTagName("head")[0].appendChild(n);
}

function v() {
	if (typeof(jQuery)=="function") {
		clearInterval(i);
		c();
	}
}

var i = window.setInterval(v,100);

function c() {
	q="";
	function gx(el) {
		el=el.get(0);
		xp="";
		for(;el&&el.nodeType==1;el=el.parentNode) {
			id = jQuery(el.parentNode).children(el.tagName).index(el)+1;
			id>1 ? (id="["+id+"]") : (id="");
			xp = "/"+el.tagName.toLowerCase()+id+xp;
		}
		
		return xp;
	}
	
	jQuery("*").bind("mouseenter",function() {
		jQuery("*").removeClass("shikihover");
		jQuery("*").css("border","");
		jQuery(this).css("border","3px solid yellow");
		jQuery(this).addClass("shikihover");
	});
	
	jQuery(".shikihover").live("click",function(){
		jQuery("*").unbind("mouseenter").removeClass("shikihover");
		jQuery(this).css("border","");
		var q = "&q="+gx(jQuery(this)),
			d = document,
			t = d.title,
			f = "//' . $_SERVER['HTTP_HOST'] .substr($_SERVER['PHP_SELF'], 0, -9) . '",
			m = "' . $token . '",
			l = d.location,
			e = encodeURIComponent,
			p = "?v=1&u="+e(l.href)+"&t="+e(t)+"&m="+e(m),
			u = f+p+q;
		newScript = d.createElement("script");
		newScript.type="text/javascript";
		newScript.src=u;
		d.body.appendChild(newScript);
	});
}
Le code précédent : ```js if(typeof(jQuery)!="function"){ var n = document.createElement("script"); n.setAttribute("src","//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"); document.getElementsByTagName("head")[0].appendChild(n); } function v() { if (typeof(jQuery)=="function") { clearInterval(i); c(); } } var i = window.setInterval(v,100); function c() { q=""; function gx(el) { el=el.get(0); xp=""; for(;el&&el.nodeType==1;el=el.parentNode) { id = jQuery(el.parentNode).children(el.tagName).index(el)+1; id>1 ? (id="["+id+"]") : (id=""); xp = "/"+el.tagName.toLowerCase()+id+xp; } return xp; } jQuery("*").bind("mouseenter",function() { jQuery("*").removeClass("shikihover"); jQuery("*").css("border",""); jQuery(this).css("border","3px solid yellow"); jQuery(this).addClass("shikihover"); }); jQuery(".shikihover").live("click",function(){ jQuery("*").unbind("mouseenter").removeClass("shikihover"); jQuery(this).css("border",""); var q = "&q="+gx(jQuery(this)), d = document, t = d.title, f = "//' . $_SERVER['HTTP_HOST'] .substr($_SERVER['PHP_SELF'], 0, -9) . '", m = "' . $token . '", l = d.location, e = encodeURIComponent, p = "?v=1&u="+e(l.href)+"&t="+e(t)+"&m="+e(m), u = f+p+q; newScript = d.createElement("script"); newScript.type="text/javascript"; newScript.src=u; d.body.appendChild(newScript); }); } ```
Shikiryu added the
help wanted
question
 labels 2020-07-07 11:26:52 +02:00
Shikiryu self-assigned this 2020-07-07 11:26:57 +02:00
Shikiryu commented 2020-07-07 11:27:18 +02:00
Author
Owner
Copy Link

Ceci semble compromis avec webextension, la sélection d'élément du DOM semble possible (voir le clic droit > screenshot de Firefox) mais je ne trouve pas comment.

De plus, cela permettrait à quelqu'un de malveillant d'envoyer un contenu (certes, avec l'apparence obligatoire de ReadLater) malveillant.

À voir si ça vaut le coup…

Ceci semble compromis avec webextension, la sélection d'élément du DOM semble possible (voir le clic droit > screenshot de Firefox) mais je ne trouve pas comment. De plus, cela permettrait à quelqu'un de malveillant d'envoyer un contenu (certes, avec l'apparence obligatoire de ReadLater) malveillant. À voir si ça vaut le coup…
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels   
bug

Something is not working

  
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
question

More information is needed

  
wontfix

This won't be fixed

No Label
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
Shikiryu
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ReadLaterByEmail/webextensions#1
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?