Welcome to WebmasterWorld Guest from 54.198.87.238

Forum Moderators: open

Message Too Old, No Replies

Google javascript broken!

Try these keywords..

     
9:35 am on Oct 23, 2003 (gmt 0)

10+ Year Member



I hope this hasn't been covered, it seems to silly to be true..

Type: this can't be true into G

I get "Javascript error at line..." (I tried it on a number of machines)

Here's the code:

onClick="c('http://images.google.com/images?q=this+can't+be+true&hl=en&lr=&ie=UTF-8&oe=UTF-8','wi',event);"

A simple apostrophe/js error? No way.. Have I got something hooking my google requests, or is this seriously a JS error from 1998?

1:23 pm on Oct 23, 2003 (gmt 0)

10+ Year Member



you need to replace...

this+can't+be+true

with...

this+can%27t+be+true

HTH
Davester

1:27 pm on Oct 23, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No need.
this can't be true
works fine in my machine.
[google.com...]
1:29 pm on Oct 23, 2003 (gmt 0)

WebmasterWorld Senior Member korkus2000 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Wonder if it is a firewall problem. Works fine here also. I know norton's firewall has done some crazy stuff to javascript.
1:39 pm on Oct 23, 2003 (gmt 0)

10+ Year Member



chndru....

you tested with the %27

His example that he was trying does not have that

HTH

1:43 pm on Oct 23, 2003 (gmt 0)

10+ Year Member



I see the Javascript error too, though not every time:

Line: 39
Char: 50
Error: Expected ')'

1:45 pm on Oct 23, 2003 (gmt 0)

WebmasterWorld Senior Member korkus2000 is a WebmasterWorld Top Contributor of All Time 10+ Year Member



What browsers are you guys using. I have tried it many times and G adds the %27 when I submit it.
1:46 pm on Oct 23, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No problem for me either (tested with apostrophe, not %27).
1:48 pm on Oct 23, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



you tested with the %27

nope..i just put in ' and the browser automatically converts into the query string. I tested with IE6 and Firebird 0.7 and Opera 7.2.
4:25 pm on Oct 23, 2003 (gmt 0)

10+ Year Member



I get a javascript error too. :) cool.

- swizz

4:36 pm on Oct 23, 2003 (gmt 0)

10+ Year Member



LOL, got 8 js errors!

Mac

7:13 pm on Oct 23, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I would expect that this is due different JS engines in different browsers.
7:51 pm on Oct 23, 2003 (gmt 0)

10+ Year Member



Congratulations, hitchhiker. You just found a cross-site scripting security hole [cert.org] in Google.

Here's a clearer example:
[google.com...]
Previous examples gave JS syntax errors; this example shows that you can play with the user's Google cookie.

This isn't the easiest bug to exploit. First, [google.com...] doesn't have logins, so you can't do things "as the user" other than change his preferences. Second, it requires the Google user to click one of the tabs at the top of the page after following your malicious link.

Btw, that URL works in both IE and Mozilla Firebird.

8:47 pm on Oct 23, 2003 (gmt 0)

10+ Year Member



Yep,

I just can't believe G made that kinda mistake (It's not even a very complex page!)

I wonder how many MILLIONS of bad requests were served today!

ESCAPE ESCAPE!

5:30 pm on Oct 24, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Any updates on this issue?
10:21 pm on Oct 24, 2003 (gmt 0)

10+ Year Member



It's fixed.
10:25 pm on Oct 24, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It's fixed.

Thanks. :-)

 

Featured Threads

Hot Threads This Week

Hot Threads This Month