On 21/09/2021 8:51 am, Stefan Ram wrote:
> A web page has a link that is shown (in the status bar when
> the mouse is positioned over it) as, e.g.,
>
>
http://www.example.com/
>
> . When one clicks on it (even with the /right/ mouse bottom),
> it is being changed into something like
>
>
http://www.badcompany.com/redirect?uri=http%3A%2F%2Fwww.example.com%2F
>
> . I have looked at the DOM before the click and then again after
> the click and it seems that the DOM is being changed from
>
> ... href="
http://www.example.com/" ...
>
> into
>
> ... href="
http://www.badcompany.com/redirect?uri=http%3A%2F...
>
> . Ok, this is annoying. I assumed that the click is being intercepted
> with JavaScript and then the href attribute is changed.
>
> To get rid of the nasty "clickjacking", I disabled JavaScript before
> I clicked on the link with the right mouse button to "copy" the URI).
> What bewildered me: The link is still changed /with Java-Script/
> disabled! How is this possible?
>
> I tried the same thing with a different browser and still see the
> same behaviour.
>
> Is it possible that after a page has been loaded and some scripts
> already have been executed, disabling JavaScript might not
> immediately disable running any JavaScript from that moment on?
> Is it possible that some JavaScript statements still can be executed?
>
> I have no idea how else it can be possible that the link is
> being changed when JavaScript is disabled.
>
> Or is there any HTML feature that would allow to have such a
> change of the DOM happen without JavaScript? TIA!
They could be using CSS to hide one link, on hover, and show another?
Andrew Poulos