info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Re: Mystery (DOM change when JavaScript is disabled)
18 views
Skip to first unread message
Andrew Poulos
Sep 20, 2021, 7:17:47 PM9/20/21
to
On 21/09/2021 8:51 am, Stefan Ram wrote:
> A web page has a link that is shown (in the status bar when
> the mouse is positioned over it) as, e.g.,
>
> http://www.example.com/
>
> . When one clicks on it (even with the /right/ mouse bottom),
> it is being changed into something like
>
> http://www.badcompany.com/redirect?uri=http%3A%2F%2Fwww.example.com%2F
>
> . I have looked at the DOM before the click and then again after
> the click and it seems that the DOM is being changed from
>
> ... href="http://www.example.com/" ...
>
> into
>
> ... href="http://www.badcompany.com/redirect?uri=http%3A%2F...
>
> . Ok, this is annoying. I assumed that the click is being intercepted
> with JavaScript and then the href attribute is changed.
>
> To get rid of the nasty "clickjacking", I disabled JavaScript before
> I clicked on the link with the right mouse button to "copy" the URI).
> What bewildered me: The link is still changed /with Java-Script/
> disabled! How is this possible?
>
> I tried the same thing with a different browser and still see the
> same behaviour.
>
> Is it possible that after a page has been loaded and some scripts
> already have been executed, disabling JavaScript might not
> immediately disable running any JavaScript from that moment on?
> Is it possible that some JavaScript statements still can be executed?
>
> I have no idea how else it can be possible that the link is
> being changed when JavaScript is disabled.
>
> Or is there any HTML feature that would allow to have such a
> change of the DOM happen without JavaScript? TIA!
They could be using CSS to hide one link, on hover, and show another?
Andrew Poulos
> A web page has a link that is shown (in the status bar when
> the mouse is positioned over it) as, e.g.,
>
> http://www.example.com/
>
> . When one clicks on it (even with the /right/ mouse bottom),
> it is being changed into something like
>
> http://www.badcompany.com/redirect?uri=http%3A%2F%2Fwww.example.com%2F
>
> . I have looked at the DOM before the click and then again after
> the click and it seems that the DOM is being changed from
>
> ... href="http://www.example.com/" ...
>
> into
>
> ... href="http://www.badcompany.com/redirect?uri=http%3A%2F...
>
> . Ok, this is annoying. I assumed that the click is being intercepted
> with JavaScript and then the href attribute is changed.
>
> To get rid of the nasty "clickjacking", I disabled JavaScript before
> I clicked on the link with the right mouse button to "copy" the URI).
> What bewildered me: The link is still changed /with Java-Script/
> disabled! How is this possible?
>
> I tried the same thing with a different browser and still see the
> same behaviour.
>
> Is it possible that after a page has been loaded and some scripts
> already have been executed, disabling JavaScript might not
> immediately disable running any JavaScript from that moment on?
> Is it possible that some JavaScript statements still can be executed?
>
> I have no idea how else it can be possible that the link is
> being changed when JavaScript is disabled.
>
> Or is there any HTML feature that would allow to have such a
> change of the DOM happen without JavaScript? TIA!
They could be using CSS to hide one link, on hover, and show another?
Andrew Poulos
Maik Koenig
Sep 20, 2021, 8:42:33 PM9/20/21
to
Am 21.09.2021 um 00:51 schrieb Stefan Ram:
> A web page has a link that is shown (in the status bar when
> the mouse is positioned over it) as, e.g.,
>
> http://www.example.com/
>
> . When one clicks on it (even with the /right/ mouse bottom),
> it is being changed into something like
>
> http://www.badcompany.com/redirect?uri=http%3A%2F%2Fwww.example.com%2F
>
How about giving the url so we can look?
> A web page has a link that is shown (in the status bar when
> the mouse is positioned over it) as, e.g.,
>
> http://www.example.com/
>
> . When one clicks on it (even with the /right/ mouse bottom),
> it is being changed into something like
>
> http://www.badcompany.com/redirect?uri=http%3A%2F%2Fwww.example.com%2F
>
Greetz,
MK
--
Kopp-Verlag-Gläubige, Religionsdeppen, rechte Vollidioten
und ähnlicher Bio-Abfall werden ohne Hinweis ignoriert!
Ich lese die Gruppen in denen ich schreibe: KEINE Mailkopie.
Jon Ribbens
Sep 21, 2021, 7:11:07 AM9/21/21
to
On 2021-09-20, Stefan Ram <r...@zedat.fu-berlin.de> wrote:
> Is it possible that after a page has been loaded and some scripts
> already have been executed, disabling JavaScript might not
> immediately disable running any JavaScript from that moment on?
> Is it possible that some JavaScript statements still can be executed?
I think I would go with "if JavaScript was enabled when you loaded the
> Is it possible that after a page has been loaded and some scripts
> already have been executed, disabling JavaScript might not
> immediately disable running any JavaScript from that moment on?
> Is it possible that some JavaScript statements still can be executed?
page, then disabling it does nothing until you reload the page".
JJ
Sep 21, 2021, 3:35:29 PM9/21/21
to
On 20 Sep 2021 22:51:05 GMT, Stefan Ram wrote:
> A web page has a link that is shown (in the status bar when
> the mouse is positioned over it) as, e.g.,
>
> http://www.example.com/
>
> . When one clicks on it (even with the /right/ mouse bottom),
> it is being changed into something like
>
> http://www.badcompany.com/redirect?uri=http%3A%2F%2Fwww.example.com%2F
>
> A web page has a link that is shown (in the status bar when
> the mouse is positioned over it) as, e.g.,
>
> http://www.example.com/
>
> . When one clicks on it (even with the /right/ mouse bottom),
> it is being changed into something like
>
> http://www.badcompany.com/redirect?uri=http%3A%2F%2Fwww.example.com%2F
>
> . I have looked at the DOM before the click and then again after
> the click and it seems that the DOM is being changed from
>
> .... href="http://www.example.com/" ...
> the click and it seems that the DOM is being changed from
>
>
> into
>
> .... href="http://www.badcompany.com/redirect?uri=http%3A%2F...
>
> . Ok, this is annoying. I assumed that the click is being intercepted
> with JavaScript and then the href attribute is changed.
>
> To get rid of the nasty "clickjacking", I disabled JavaScript before
> I clicked on the link with the right mouse button to "copy" the URI).
> What bewildered me: The link is still changed /with Java-Script/
> disabled! How is this possible?
>
> I tried the same thing with a different browser and still see the
> same behavior.
> . Ok, this is annoying. I assumed that the click is being intercepted
> with JavaScript and then the href attribute is changed.
>
> To get rid of the nasty "clickjacking", I disabled JavaScript before
> I clicked on the link with the right mouse button to "copy" the URI).
> What bewildered me: The link is still changed /with Java-Script/
> disabled! How is this possible?
>
> I tried the same thing with a different browser and still see the
>
> Is it possible that after a page has been loaded and some scripts
> already have been executed, disabling JavaScript might not
> immediately disable running any JavaScript from that moment on?
> Is it possible that some JavaScript statements still can be executed?
>
> Is it possible that after a page has been loaded and some scripts
> already have been executed, disabling JavaScript might not
> immediately disable running any JavaScript from that moment on?
> Is it possible that some JavaScript statements still can be executed?
>
> I have no idea how else it can be possible that the link is
> being changed when JavaScript is disabled.
>
> Or is there any HTML feature that would allow to have such a
> change of the DOM happen without JavaScript? TIA!
I suspect that the JavaScript is not entirely disabled/blocked. If it was
> being changed when JavaScript is disabled.
>
> Or is there any HTML feature that would allow to have such a
> change of the DOM happen without JavaScript? TIA!
disabled/blocked using a browser addon, some addons can only do it by
blocking external JavaScript resource network requests but can not disable
enbedded/inline JavaScript.
0 new messages