Welcome to WebmasterWorld Guest from 54.144.57.183

Forum Moderators: open

Message Too Old, No Replies

Google javascript broken!

Try these keywords..

     
9:35 am on Oct 23, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Mar 4, 2003
posts:309
votes: 0


I hope this hasn't been covered, it seems to silly to be true..

Type: this can't be true into G

I get "Javascript error at line..." (I tried it on a number of machines)

Here's the code:

onClick="c('http://images.google.com/images?q=this+can't+be+true&hl=en&lr=&ie=UTF-8&oe=UTF-8','wi',event);"

A simple apostrophe/js error? No way.. Have I got something hooking my google requests, or is this seriously a JS error from 1998?

1:23 pm on Oct 23, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:May 23, 2003
posts:50
votes: 0


you need to replace...

this+can't+be+true

with...

this+can%27t+be+true

HTH
Davester

1:27 pm on Oct 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 16, 2003
posts:1298
votes: 0


No need.
this can't be true
works fine in my machine.
[google.com...]
1:29 pm on Oct 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member korkus2000 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 20, 2002
posts:3732
votes: 0


Wonder if it is a firewall problem. Works fine here also. I know norton's firewall has done some crazy stuff to javascript.
1:39 pm on Oct 23, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:May 23, 2003
posts:50
votes: 0


chndru....

you tested with the %27

His example that he was trying does not have that

HTH

1:43 pm on Oct 23, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 13, 2003
posts:103
votes: 0


I see the Javascript error too, though not every time:

Line: 39
Char: 50
Error: Expected ')'

1:45 pm on Oct 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member korkus2000 is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 20, 2002
posts:3732
votes: 0


What browsers are you guys using. I have tried it many times and G adds the %27 when I submit it.
1:46 pm on Oct 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 27, 2002
posts:959
votes: 0


No problem for me either (tested with apostrophe, not %27).
1:48 pm on Oct 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 16, 2003
posts:1298
votes: 0


you tested with the %27

nope..i just put in ' and the browser automatically converts into the query string. I tested with IE6 and Firebird 0.7 and Opera 7.2.
4:25 pm on Oct 23, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:Dec 26, 2002
posts:81
votes: 0


I get a javascript error too. :) cool.

- swizz

4:36 pm on Oct 23, 2003 (gmt 0)

Preferred Member

10+ Year Member

joined:Feb 27, 2003
posts:637
votes: 1


LOL, got 8 js errors!

Mac

7:13 pm on Oct 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:July 28, 2003
posts:925
votes: 0


I would expect that this is due different JS engines in different browsers.
7:51 pm on Oct 23, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:June 23, 2002
posts:60
votes: 0


Congratulations, hitchhiker. You just found a cross-site scripting security hole [cert.org] in Google.

Here's a clearer example:
[google.com...]
Previous examples gave JS syntax errors; this example shows that you can play with the user's Google cookie.

This isn't the easiest bug to exploit. First, [google.com...] doesn't have logins, so you can't do things "as the user" other than change his preferences. Second, it requires the Google user to click one of the tabs at the top of the page after following your malicious link.

Btw, that URL works in both IE and Mozilla Firebird.

8:47 pm on Oct 23, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Mar 4, 2003
posts:309
votes: 0


Yep,

I just can't believe G made that kinda mistake (It's not even a very complex page!)

I wonder how many MILLIONS of bad requests were served today!

ESCAPE ESCAPE!

5:30 pm on Oct 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 16, 2003
posts:1298
votes: 0


Any updates on this issue?
10:21 pm on Oct 24, 2003 (gmt 0)

Junior Member

10+ Year Member

joined:June 23, 2002
posts:60
votes: 0


It's fixed.
10:25 pm on Oct 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 16, 2003
posts:1298
votes: 0


It's fixed.

Thanks. :-)

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members