FavoritesAdder [1]
Please leave here some comments, even in the debugging phase. This could be useful to reduce the workload of an individual programmer. E.g. on my IE.5 I see the adder combobox and overboarding clobbered texts .. at moment. The adder box is preset with JavaScript fragments and the place thereafter.
I didn't test it on other browsers.
-- FridemarPache
What is this? How is JavaScript getting pushed through Wiki to my browser? Let's fix it so this doesn't happen.
It's in the EditLinks section. Seems that "javascript:" is treated as a URL scheme just like any other.
If this is going to be fixed, I'd suggest that it be done by confining url schemes to http or https, and not allowing non-default ports. Too much fun can be had with <file:/dev/mouse> or http://localhost:19/, to give a couple of examples. -- DanBarlow
Agree. In this case we can see from the text, that there are critical links. In the case of EditLinks one can be tricked out, if the author of this link doesn't preface it with some appropriate comments. By the way, I won't touch your dangerously looking links with my current PC, can you please give some explanations or links to elucidating context? -- fp
[1] javascript:favwin=window.open('about:<frameset cols="170,*\"> <frame name=\"contents\" target=\"main\" src=\"about:<body onload=document.addfav.submit()><form name=addfav method=post action=http://www.favoritesanywhere.com/addfavorite.asp><input name=url size=12 value='+escape(location.href)+'><input name=name sze=12 value='+escape(document.title)+'><input name=newfolder size=12 value=romming><input type=submit value=Add It!></form>\"> <frame name=\"mainbrowserwindow\" src=\"'+escape(location.href)+'\"> </frameset>','tit','left=0,top=0,WIDTH=1024,HEIGHT=768,toolbar=yes,location=yes,directories=no,status=no,menubar=yes,resizable=yes,scrollbars=yes,resizable=yes,links=yes,status=yes');favwin.focus();
