
<script>alert("your instance isn't sanitizing its inputs correctly!")</script>

@Felthry If I were on something with HTML input I'd do this as HTML. :3

@IceWolf I don't even know if this is valid javascript, i just saw @monorail did something similar in her bio and thought it'd be amusing to do in a public post

i think you'd have to have some major problems with your software in order for it to actually pop up an alert

@Felthry @IceWolf yeah, if this works, it means your software is vulnerable to an attack that there's very little excuse to be vulnerable to these days

@Felthry @IceWolf there was actually a tweetdeck exploit a while ago that did a very similar thing except the javascript located its own script tag, went up a couple parent elements to find the tweet itself, then simulated a click on the retweet button. just viewing the tweet in tweetdeck would cause it to retweet itself

iirc it got retweeted by the official BBC news account
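
The thread's point about sanitizing, shown from the rendering side as an added example (not part of the original posts and not Mastodon's or TweetDeck's code): post text is HTML-escaped before the renderer adds any markup of its own, so the post at the top of the thread displays as text. The function names, `PROFILE_BASE` and the `social.example` URL are hypothetical.

```javascript
// Added example. Untrusted post text must be escaped before it is placed in HTML.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the post body is concatenated straight into markup,
// so any tags it contains become part of the page.
function renderPostUnsafe(text) {
  return `<div class="status">${text}</div>`;
}

// Hypothetical profile URL prefix used when linking @mentions.
const PROFILE_BASE = "https://social.example/@";

// Hardened pattern: escape first, then add the renderer's own markup
// (mention links) on the already-escaped string. Doing it in the other
// order would escape the links the renderer just created.
function renderPostSafe(text) {
  const escaped = escapeHtml(text);
  const linked = escaped.replace(
    /(^|\s)@([A-Za-z0-9_]+)/g,
    (_, lead, name) =>
      `${lead}<a href="${PROFILE_BASE}${encodeURIComponent(name)}">@${name}</a>`
  );
  return `<div class="status">${linked}</div>`;
}

// Simple check a regression test can use on rendered output.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The post text from the top of this thread, with a mention in front of it.
const SAMPLE_POST =
  `@Felthry <script>alert("your instance isn't sanitizing its inputs correctly!")</script>`;

console.log(containsScriptTag(renderPostUnsafe(SAMPLE_POST))); // true
console.log(renderPostSafe(SAMPLE_POST));
```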
