My first encounter with Frappr is going...suspiciously.
After joining the DevNetwork group, and zooming out the map, clicking on any markers results in two javascript message alerts containing one term - "XSS"...
Maugrim_The_Reaper wrote: My first encounter with Frappr is going...suspiciously.
After joining the DevNetwork group, and zooming out the map, clicking on any markers results in two javascript message alerts containing one term - "XSS"...
That's timvw, trying to prove that Frappr haven't locked things down. You can insert JavaScript code. Luckily that's just an alert, not a vicious attack. I don't think Frappr seem to care.
Well, while I was editing my profile I accidentally pasted some <b>Warning</b> PHP message in there... And I saw that it was not escaped... So I thought, let's try the first string at the XSS Cheat Sheet... I sent them an e-mail last week, got a reply the day before yesterday... But haven't seen any improvements yet...
Apparently they have made some changes that make the XSS trick I did impossible (too lazy to try other stuff from the cheat sheet) but they forgot to remove it from existing profiles... (I removed it myself today ;p)