homepage Welcome to WebmasterWorld Guest from 54.204.249.184
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Google / Google News Archive
Forum Library, Charter, Moderator: open

Google News Archive Forum

    
Google javascript broken!
Try these keywords..
hitchhiker




msg:85984
 9:35 am on Oct 23, 2003 (gmt 0)

I hope this hasn't been covered, it seems to silly to be true..

Type: this can't be true into G

I get "Javascript error at line..." (I tried it on a number of machines)

Here's the code:

onClick="c('http://images.google.com/images?q=this+can't+be+true&hl=en&lr=&ie=UTF-8&oe=UTF-8','wi',event);"

A simple apostrophe/js error? No way.. Have I got something hooking my google requests, or is this seriously a JS error from 1998?

 

davester28




msg:85985
 1:23 pm on Oct 23, 2003 (gmt 0)

you need to replace...

this+can't+be+true

with...

this+can%27t+be+true

HTH
Davester

Chndru




msg:85986
 1:27 pm on Oct 23, 2003 (gmt 0)

No need.
this can't be true
works fine in my machine.
[google.com...]

korkus2000




msg:85987
 1:29 pm on Oct 23, 2003 (gmt 0)

Wonder if it is a firewall problem. Works fine here also. I know norton's firewall has done some crazy stuff to javascript.

davester28




msg:85988
 1:39 pm on Oct 23, 2003 (gmt 0)

chndru....

you tested with the %27

His example that he was trying does not have that

HTH

swerve




msg:85989
 1:43 pm on Oct 23, 2003 (gmt 0)

I see the Javascript error too, though not every time:

Line: 39
Char: 50
Error: Expected ')'

korkus2000




msg:85990
 1:45 pm on Oct 23, 2003 (gmt 0)

What browsers are you guys using. I have tried it many times and G adds the %27 when I submit it.

Sinner_G




msg:85991
 1:46 pm on Oct 23, 2003 (gmt 0)

No problem for me either (tested with apostrophe, not %27).

Chndru




msg:85992
 1:48 pm on Oct 23, 2003 (gmt 0)

you tested with the %27

nope..i just put in ' and the browser automatically converts into the query string. I tested with IE6 and Firebird 0.7 and Opera 7.2.

swizz




msg:85993
 4:25 pm on Oct 23, 2003 (gmt 0)

I get a javascript error too. :) cool.

- swizz

macrost




msg:85994
 4:36 pm on Oct 23, 2003 (gmt 0)

LOL, got 8 js errors!

Mac

dirkz




msg:85995
 7:13 pm on Oct 23, 2003 (gmt 0)

I would expect that this is due different JS engines in different browsers.

jesserud




msg:85996
 7:51 pm on Oct 23, 2003 (gmt 0)

Congratulations, hitchhiker. You just found a cross-site scripting security hole [cert.org] in Google.

Here's a clearer example:
[google.com...]
Previous examples gave JS syntax errors; this example shows that you can play with the user's Google cookie.

This isn't the easiest bug to exploit. First, [google.com...] doesn't have logins, so you can't do things "as the user" other than change his preferences. Second, it requires the Google user to click one of the tabs at the top of the page after following your malicious link.

Btw, that URL works in both IE and Mozilla Firebird.

hitchhiker




msg:85997
 8:47 pm on Oct 23, 2003 (gmt 0)

Yep,

I just can't believe G made that kinda mistake (It's not even a very complex page!)

I wonder how many MILLIONS of bad requests were served today!

ESCAPE ESCAPE!

Chndru




msg:85998
 5:30 pm on Oct 24, 2003 (gmt 0)

Any updates on this issue?

jesserud




msg:85999
 10:21 pm on Oct 24, 2003 (gmt 0)

It's fixed.

Chndru




msg:86000
 10:25 pm on Oct 24, 2003 (gmt 0)

It's fixed.

Thanks. :-)

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google News Archive
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved